cleantalk
Vulnerabilities and Security Researches

WPS Hide Login, CVE-2024-2473

CVE, Research URL

CVE-2024-2473

Home page URL

Security reports for WPS Hide Login

Application

WPS Hide Login

Published on
Jun 11, 2024
Research Description
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.
Affected versions
max 1.9.16.
Status
vulnerable
Previous vulnerability researches
WPS Hide Login , Dec 26, 2024
WPS Hide Login (CVE-2015-9498) , Jun 07, 2024
WPS Hide Login (CVE-2019-15824) , Jun 07, 2024
WPS Hide Login (CVE-2019-15823) , Jun 07, 2024
WPS Hide Login (CVE-2019-15825) , Jun 07, 2024
New vulnerability
Ultimate Addons for Contact Form 7 (CVE-2025-14356) , Dec 22, 2025
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025