Vulnerabilities > CVE-2021-36917 - Missing Authorization vulnerability in Wpwave Hide MY WP 6.2.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158
- https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158
- https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability
- https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-premium-plugin-6-2-3-unauthenticated-plugin-deactivation-vulnerability
- https://patchstack.com/hide-my-wp-vulnerabilities-fixed/
- https://patchstack.com/hide-my-wp-vulnerabilities-fixed/