Vulnerabilities > CVE-2023-5089 - Unspecified vulnerability in Wpmudev Defender Security
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
References
- https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d
- https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d
- https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms
- https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms