CVE-2024-6289

MEDIUM NUCLEI

WPS Hide Login <1.9.16.4 - Auth Bypass

Title source: llm

Description

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.

Nuclei Templates (1)

WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure

MEDIUMVERIFIEDby s4e-io

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/

Scores

CVSS v3 6.1

EPSS 0.0788

EPSS Percentile 92.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (1)

wpserveur/wps_hide_login < 1.9.16.4

Published Jul 15, 2024

Tracked Since Feb 18, 2026