Vulnerability Details CVE-2024-6420
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.403
EPSS Ranking 97.2%
CVSS Severity
CVSS v3 Score 8.6
References
Products affected by CVE-2024-6420
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:-
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:4.0.11
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:4.1.11
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.26
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.27
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.28
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.0.29
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.01
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.02
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.1.03
-
cpe:2.3:a:wpplugins:hide_my_wp_ghost:5.2.01