CVE-2024-6420
HIGH NUCLEI
Hide My WP Ghost <5.2.02 - CSRF
Title source: llm
Description
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Nuclei Templates (1)
Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
HIGH VERIFIED by jpg0mez
FOFA:
body="/wp-content/plugins/hide-my-wp"
Scores
CVSS v3: 8.6
EPSS: 0.3689
EPSS Percentile: 97.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Details
Status: published
Products (1): wpplugins/hide_my_wp_ghost < 5.2.02
Published: Jul 23, 2024
Tracked Since: Feb 18, 2026