Vulnerabilities and security researches forwp-hide-security-enhancer wp-hide-security-enhancer

Jun 06, 2024

CVE, Research URL: CVE-2022-2538
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Date: Aug 29, 2022
Research Description: The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 5009dd48981ca7065310dbd9f6cb04bd5738c06b
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Date: Jul 21, 2017
Research Description: WP Hide & Security Enhancer [wp-hide-security-enhancer] < 1.4.1 WordPress WP Hide Security Enhancer Plugin <=1.3.9.2 - Arbitrary File Download Vulnerability WordPress WP Hide Security Enhancer Plugin below 1.3.9.2 is vulnerable to arbitrary file download. This vulnerability allows an attacker to download any file from the victim web site. Update plugin to v1.4.1
Affected versions: Min -, max -.
Status: vulnerable

Dec 07, 2024

CVE, Research URL: CVE-2024-11585
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Date: Dec 06, 2024
Research Description: The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.
Affected versions: Min -, max -.
Status: vulnerable