Vulnerabilities and security researches forwp-hide-security-enhancer wp-hide-security-enhancer

Jun 06, 2024

CVE, Research URL: CVE-2022-2538
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Date: Aug 29, 2022
Research Description: The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting
Affected versions: max 1.8.
Status: vulnerable

CVE, Research URL: 5009dd48981ca7065310dbd9f6cb04bd5738c06b
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Date: Jul 21, 2017
Research Description: WP Hide & Security Enhancer [wp-hide-security-enhancer] < 1.4.1 WordPress WP Hide Security Enhancer Plugin <=1.3.9.2 - Arbitrary File Download Vulnerability WordPress WP Hide Security Enhancer Plugin below 1.3.9.2 is vulnerable to arbitrary file download. This vulnerability allows an attacker to download any file from the victim web site. Update plugin to v1.4.1
Affected versions: max 1.4.1.
Status: vulnerable

Dec 07, 2024

CVE, Research URL: CVE-2024-11585
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Date: Dec 06, 2024
Research Description: The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.
Affected versions: max 2.5.2.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: e2c0ed4e-653b-4fe6-bedc-e00d6b127e57
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Date: -
Research Description: WP Hide & Security Enhancer [wp-hide-security-enhancer] < 1.4 WP Hide & Security Enhancer <= 1.3.9.2 - Arbitrary File Download The WP Hide & Security Enhancer WordPress plugin was affected by an Arbitrary File Download security vulnerability.
Affected versions: max 1.4.
Status: vulnerable

CVE, Research URL: 851bbb017a404d05a340abe049ca2259f4034f35
Home page URL: Security reports for WP Hide & Security Enhancer
Application: WP Hide & Security Enhancer
Date: Jul 21, 2017
Research Description: WP Hide & Security Enhancer [wp-hide-security-enhancer] < 1.4 WP Hide & Security Enhancer <= 1.3.9.2 - Arbitrary File Download The WP Hide & Security Enhancer plugin for WordPress is vulnerable to Arbitrary File Download in versions before 1.4. This is due to insufficient validation on the file path supplied via the 'file_path' parameter. This makes it possible for attackers to arbitrarily download files such as the wp-config.php file.
Affected versions: max 1.4.
Status: vulnerable