CyStack logo
  • Products & Services
  • Solutions
  • Pricing
  • Company
  • Resources
En

en

View all Vulnerabilities

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

Description

The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.

Remediation

Update WPS Hide Login plugin to a version newer than 1.9.15.2.

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NCWE-200

Published Date

2026-02-27 03:09:50

Try Deep Scan Version

Give your DevOps team the freedom to innovate and create outstanding products without being held back by security concerns.