Main Vulnerability Database Vulnerabilities #VU24678

#VU24678 Security Features in WPS Hide Login

Published: January 27, 2020

Vulnerability identifier: #VU24678

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WPS Hide Login

Software vendor:
Rémy Perona

Description

The vulnerability allows a remote attacker to find and access the secret login page.

The vulnerability exists in the "plugins_loaded" function due to some REQUEST_URI occurrences aren’t decoded using the "rawurldecode" function. A remote attack can encode substrings in the URL in order to evade the detection and gain access to the hidden login page.

Remediation

Install updates from vendor's website.

External links

https://wpvulndb.com/vulnerabilities/10046/
https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/

#VU24678 Security Features in WPS Hide Login

Description

Remediation

External links

Please verify you're human