CVE-2021-24917

Sažetak

The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.

Reference

https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375
https://wordpress.org/support/topic/bypass-security-issue/

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-03-2022 - 19:07

Objavljeno

06-12-2021 - 16:15