CVE-2021-24917

HIGH NUCLEI

WPS Hide Login <1.9.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-24917. PoCs published by Cappricio-Securities, buildwithlian, thalakus, h00die, including Metasploit module auxiliary/scanner/http/wp_wps_hide_login_revealer. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a scanner for CVE-2021-24917, which checks for vulnerable endpoints by sending crafted requests and analyzing responses. It includes features like Telegram notifications and bulk URL scanning but does not include exploit code for achieving RCE or other offensive actions.

Description

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.

Exploits (3)

nomisec SCANNER 3 stars
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2021-24917

This repository contains a scanner for CVE-2021-24917, which checks for vulnerable endpoints by sending crafted requests and analyzing responses. It includes features like Telegram notifications and bulk URL scanning but does not include exploit code for achieving RCE or other offensive actions.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Apache Solr
No auth needed
Prerequisites: Target URL or list of URLs · Python 3 environment
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 2 stars
by buildwithlian · poc
https://github.com/buildwithlian/CVE-2021-24917

This exploit targets CVE-2021-24917, a vulnerability in the WPS Hide Login WordPress plugin. It detects the presence of the plugin and attempts to uncover the hidden login page by parsing the plugin's settings page.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WPS Hide Login WordPress plugin
No auth needed
Prerequisites: Target must be a WordPress site with the WPS Hide Login plugin installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC
by thalakus, h00die · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_wps_hide_login_revealer.rb

This Metasploit module exploits an information disclosure vulnerability in WPS Hide Login <= 1.9 by sending a crafted GET request to '/wp-admin/options.php' with a referer header, revealing the hidden login path via a 302 redirect.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WordPress WPS Hide Login <= 1.9
No auth needed
Prerequisites: WordPress installation with WPS Hide Login plugin <= 1.9 · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WordPress WPS Hide Login <1.9.1 - Information Disclosure
HIGHVERIFIEDby akincibor

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375
Third Party Advisory x_refsource_misc
https://wordpress.org/support/topic/bypass-security-issue/

Scores

CVSS v3 7.5
EPSS 0.7153
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-863
Status published
Products (1)
wpserveur/wps_hide_login < 1.9.1
Published Dec 06, 2021
Tracked Since Feb 18, 2026