cleantalk
Vulnerabilities and Security Researches

WPS Hide Login, CVE-2021-24917

CVE, Research URL

CVE-2021-24917

Home page URL

Security reports for WPS Hide Login

Application

WPS Hide Login

Published on
Dec 06, 2021
Research Description
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
Affected versions
max 1.9.1.
Status
vulnerable
Previous vulnerability researches
WPS Hide Login , Dec 26, 2024
WPS Hide Login (CVE-2015-9498) , Jun 07, 2024
WPS Hide Login (CVE-2019-15824) , Jun 07, 2024
WPS Hide Login (CVE-2019-15823) , Jun 07, 2024
WPS Hide Login (CVE-2019-15825) , Jun 07, 2024
New vulnerability
Ultimate Addons for Contact Form 7 (CVE-2025-14356) , Dec 22, 2025
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025