Exploitation Summary
CVE-2019-15823 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Nuclei Templates (1)
WPS Hide Login <= 1.5.2.2 - Login Page Bypass
HIGHVERIFIEDby pussycat0x
FOFA:
body="/wp-content/plugins/wps-hide-login"
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/9469
Product, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/wps-hide-login/#developers
Exploit, Third Party Advisory x_refsource_misc
https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/
Scores
CVSS v3
9.8
EPSS
0.0858
EPSS Percentile
94.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
wpserveur/wps_hide_login
< 1.5.3
Published
Aug 30, 2019
Tracked Since
Feb 18, 2026