wps-hide-login Plugin up to 1.5.2 on WordPress wp-login.php Referer 7pk security

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in wps-hide-login Plugin up to 1.5.2 on WordPress (WordPress Plugin) and classified as critical. Affected by this issue is an unknown functionality of the file wp-login.php. Upgrading to version 1.5.3 eliminates this vulnerability.

Field08/31/2019 07:48 AM08/10/2020 04:56 PM
namewps-hide-login Pluginwps-hide-login Plugin
version<=1.5.2<=1.5.2
platformWordPressWordPress
filewp-login.phpwp-login.php
argumentRefererReferer
risk22
cvss2_vuldb_basescore7.57.5
cvss2_vuldb_tempscore6.56.5
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss3_meta_basescore7.37.3
cvss3_meta_tempscore7.07.0
cvss3_vuldb_basescore7.37.3
cvss3_vuldb_tempscore7.07.0
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
date1567123200 (08/30/2019)1567123200 (08/30/2019)
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version1.5.31.5.3
cveCVE-2019-15826CVE-2019-15826
seealso141169 141168 141167141169 141168 141167
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
typeWordPress Plugin
cwe0254 (privilege escalation)
cve_assigned1567036800
cve_nvd_summaryThe wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.

Do you need the next level of professionalism?

Upgrade your account now!