CVE-2024-2473

MEDIUM EXPLOITED NUCLEI

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

Title source: nuclei

Exploitation Summary

CVE-2024-2473 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python-based scanner for CVE-2024-2473, which detects the exposure of hidden WordPress login pages in WPS Hide Login <= 1.9.15.2. It checks for specific HTTP responses and patterns to identify vulnerable installations.

Description

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.

Exploits (1)

vulncheck_xdb SCANNER

infoleak

https://github.com/M4xSec/CVE-2024-2473

View Code ZIP pw:eip

This repository contains a Python-based scanner for CVE-2024-2473, which detects the exposure of hidden WordPress login pages in WPS Hide Login <= 1.9.15.2. It checks for specific HTTP responses and patterns to identify vulnerable installations.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: WPS Hide Login <= 1.9.15.2

No auth needed

Prerequisites: WordPress installation with WPS Hide Login plugin <= 1.9.15.2

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 24, 2026 Full analysis →

Nuclei Templates (1)

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

MEDIUMVERIFIEDby popcorn94,rodtvs

FOFA: body="/wp-content/plugins/wps-hide-login"

References (3)

Core 3

Core References

https://github.com/whattheslime/wps-show-login

View Writeup ZIP pw:eip

Patch

https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve

Scores

CVSS v3 5.3

EPSS 0.1701

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2026-01-23

CWE

CWE-863

Status published

Products (2)

tabrisrp/WPS Hide Login < 1.9.15.2

wpserveur/wps_hide_login < 1.9.16

Published Jun 11, 2024

Tracked Since Feb 18, 2026