Vulnerabilities and security researches for wps-hide-login

Jun 07, 2024

CVE, Research URL: CVE-2015-9498
Application: WPS Hide Login
Date: Oct 23, 2019
Research Description: The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-15824
Application: WPS Hide Login
Date: Aug 30, 2019
Research Description: The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-15823
Application: WPS Hide Login
Date: Aug 30, 2019
Research Description: The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-15825
Application: WPS Hide Login
Date: Aug 30, 2019
Research Description: The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24917
Application: WPS Hide Login
Date: Dec 06, 2021
Research Description: The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-3332
Application: WPS Hide Login
Date: Mar 02, 2021
Research Description: WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-15826
Application: WPS Hide Login
Date: Aug 30, 2019
Research Description: The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-36710
Application: WPS Hide Login
Date: Jun 07, 2023
Research Description: The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-49748
Application: WPS Hide Login
Date: Jun 04, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-2473
Application: WPS Hide Login
Date: Jun 11, 2024
Research Description: The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-6289
Application: WPS Hide Login
Date: Jul 15, 2024
Research Description: The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Affected versions: Min -, max -.
Status: vulnerable

PSC, Research URL: PSC-2024-64541
Application: WPS Hide Login
Date: -
Research Description: WPS Hide Login is a lightweight and effective plugin designed to bolster WordPress security by allowing users to change the URL of the login form page to a custom address. This functionality adds an additional layer of protection against unauthorized access attempts and brute force attacks, making it an essential tool for securing WordPress websites.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED