Vulnerabilities > CVE-2020-36710 - Incorrect Authorization vulnerability in Wpserveur WPS Hide Login
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/
- https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve