cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwps-hide-login wps-hide-login

Direction: ascending
Jun 07, 2024

WPS Hide Login # CVE-2015-9498

CVE, Research URL

CVE-2015-9498

Application

WPS Hide Login

Date
Oct 23, 2019
Research Description
The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value.
Affected versions
max 1.1.
Status
vulnerable

WPS Hide Login # CVE-2019-15824

CVE, Research URL

CVE-2019-15824

Application

WPS Hide Login

Date
Aug 30, 2019
Research Description
The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.
Affected versions
max 1.5.3.
Status
vulnerable

WPS Hide Login # CVE-2019-15823

CVE, Research URL

CVE-2019-15823

Application

WPS Hide Login

Date
Aug 30, 2019
Research Description
The wps-hide-login plugin before 1.5.3 for WordPress has an action=confirmaction protection bypass.
Affected versions
max 1.5.3.
Status
vulnerable

WPS Hide Login # CVE-2019-15825

CVE, Research URL

CVE-2019-15825

Application

WPS Hide Login

Date
Aug 30, 2019
Research Description
The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Affected versions
max 1.5.3.
Status
vulnerable

WPS Hide Login # CVE-2021-24917

CVE, Research URL

CVE-2021-24917

Application

WPS Hide Login

Date
Dec 06, 2021
Research Description
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
Affected versions
max 1.9.1.
Status
vulnerable

WPS Hide Login # CVE-2021-3332

CVE, Research URL

CVE-2021-3332

Application

WPS Hide Login

Date
Mar 02, 2021
Research Description
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Affected versions
max 1.7.
Status
vulnerable

WPS Hide Login # CVE-2019-15826

CVE, Research URL

CVE-2019-15826

Application

WPS Hide Login

Date
Aug 30, 2019
Research Description
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
Affected versions
max 1.5.3.
Status
vulnerable

WPS Hide Login # CVE-2020-36710

CVE, Research URL

CVE-2020-36710

Application

WPS Hide Login

Date
Jun 07, 2023
Research Description
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Affected versions
max 1.5.5.
Status
vulnerable

WPS Hide Login # CVE-2023-49748

CVE, Research URL

CVE-2023-49748

Application

WPS Hide Login

Date
Jun 04, 2024
Research Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11.
Affected versions
max 1.9.12.
Status
vulnerable
Jun 13, 2024

WPS Hide Login # CVE-2024-2473

CVE, Research URL

CVE-2024-2473

Application

WPS Hide Login

Date
Jun 11, 2024
Research Description
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
Affected versions
max 1.9.16.
Status
vulnerable
Jul 16, 2024

WPS Hide Login # CVE-2024-6289

CVE, Research URL

CVE-2024-6289

Application

WPS Hide Login

Date
Jul 15, 2024
Research Description
The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Affected versions
max 1.9.16.4.
Status
vulnerable
Dec 26, 2024

WPS Hide Login # PSC-2024-64541

PSC, Research URL

PSC-2024-64541

Application

WPS Hide Login

Date
Apr 15, 2025
Research Description
WPS Hide Login is a lightweight and effective plugin designed to bolster WordPress security by allowing users to change the URL of the login form page to a custom address. This functionality adds an additional layer of protection against unauthorized access attempts and brute force attacks, making it an essential tool for securing WordPress websites.
Affected versions
Min 1.9.18, max 1.9.18.
Status
SAFE & CERTIFIED
Jun 16, 2026

WPS Hide Login # 168885a04d04fbe904674e18b586256c1a3b3c48

Application

WPS Hide Login

Date
Jan 27, 2020
Research Description
WPS Hide Login [wps-hide-login] < 1.5.5 WordPress WPS Hide Login plugin <= 1.5.4.2 - Secret login page location disclosure vulnerability Secret login page location disclosure vulnerability found by Jerome Bruandet in WordPress WPS Hide Login plugin (versions <= 1.5.4.2).
Affected versions
max 1.5.5.
Status
vulnerable

WPS Hide Login # 5ed74f78574a0566fe1ec88455c50385b8b49974

Application

WPS Hide Login

Date
Jul 24, 2019
Research Description
WPS Hide Login [wps-hide-login] < 1.5.3 WordPress WPS Hide Login plugin <= 1.5.2.2 - Multiples Security Issues Multiples Security Issues found by Julio Potier in WordPress WPS Hide Login plugin (versions <= 1.5.2.2).
Affected versions
max 1.5.3.
Status
vulnerable

WPS Hide Login # 4ec814160c4916860c1424ae065c22db0a69a367

Application

WPS Hide Login

Date
Apr 27, 2015
Research Description
WPS Hide Login [wps-hide-login] < 1.1 WordPress WPS Hide Login Plugin <= 1.0 - CSRF This plugin is prone to a cross site request forgery vulnerability. Update the plugin.
Affected versions
max 1.1.
Status
vulnerable

WPS Hide Login # 27b71205a22e1507d20c83e4e13c08d4aa83aae8

Application

WPS Hide Login

Date
Jan 27, 2020
Research Description
WPS Hide Login [wps-hide-login] < 1.5.5 WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Affected versions
max 1.5.5.
Status
vulnerable

WPS Hide Login # 2f0c093c-38cc-450d-bac4-0f026c7a9a0f

Application

WPS Hide Login

Date
-
Research Description
WPS Hide Login [wps-hide-login] < 1.5.5 WPS Hide Login &lt; 1.5.5 - Secret Login Page Disclosure fixed a vulnerability in version 1.5.4.2 and below that could allow an attacker to find and access the secret login page.
Affected versions
max 1.5.5.
Status
vulnerable