CVE-2019-15823

CRITICAL NUCLEI

wps-hide-login <1.5.3 - Auth Bypass

Title source: llm

Description

The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.

Nuclei Templates (1)

WPS Hide Login <= 1.5.2.2 - Login Page Bypass
HIGHVERIFIEDby pussycat0x
FOFA: body="/wp-content/plugins/wps-hide-login"

References (3)

Scores

CVSS v3 9.8
EPSS 0.5105
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
wpserveur/wps_hide_login < 1.5.3
Published Aug 30, 2019
Tracked Since Feb 18, 2026