CVE-2024-2473

MEDIUM EXPLOITED NUCLEI

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

Title source: nuclei

Description

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.

Exploits (1)

vulncheck_xdb SCANNER

infoleak

https://github.com/M4xSec/CVE-2024-2473

View Code ZIP pw:eip

Nuclei Templates (1)

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

MEDIUMVERIFIEDby popcorn94,rodtvs

FOFA: body="/wp-content/plugins/wps-hide-login"

References (3)

https://github.com/whattheslime/wps-show-login

[Patch] https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve

Scores

CVSS v3 5.3

EPSS 0.1568

EPSS Percentile 94.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2026-01-23

CWE

CWE-863

Status published

Products (2)

tabrisrp/WPS Hide Login < 1.9.15.2

wpserveur/wps_hide_login < 1.9.16

Published Jun 11, 2024

Tracked Since Feb 18, 2026