CVE-2024-6289 Scanner
CVE-2024-6289 scanner - Path Traversal vulnerability in WPS Hide Login
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4
Toolbox: -
WPS Hide Login is a popular WordPress plugin that allows site administrators to hide and customize the login URL for enhanced security. It is used by website owners and developers to mitigate brute-force attacks by masking the login page. It is primarily installed on WordPress websites for added protection against unauthorized access. The plugin is widely used by both small businesses and large organizations managing WordPress-powered websites. By changing the default login URL, it reduces the chances of attackers targeting the login page directly.
The Path Traversal vulnerability in the WPS Hide Login plugin allows unauthenticated users to access the hidden login page. It arises from the plugin's failure to prevent redirects via the auth_redirect function. This flaw exposes WordPress sites using the plugin to unauthorized access attempts. It affects versions prior to 1.9.16.4.
The vulnerability resides in the auth_redirect function of the WPS Hide Login plugin. When this function is not adequately protected, attackers can exploit it to force a redirect, exposing the hidden login page. Affected versions do not block unauthenticated visitors from accessing this login page via specific crafted URLs. The plugin's security mechanism intended to hide the login page is bypassed, allowing unauthorized users to locate and potentially attempt brute-force login attacks. This issue is addressed in version 1.9.16.4.
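An added example, not part of the original page or the plugin's own code: a check an asset owner can run over a WordPress plugins directory to see whether the installed WPS Hide Login predates the fixed release 1.9.16.4. The sample header is constructed for illustration, and the plugins directory path passed on the command line is an assumption about your layout.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 9, 16, 4)        # first fixed release named in the text above
PREFIX = r"^[ \t/*#@]*"      # characters WordPress tolerates before a header field
# Constructed sample of a plugin file header (not copied from the plugin).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: WPS Hide Login\n * Version: 1.9.16.3\n */\n"

def parse_version(text):
    """'1.9.16.3' -> (1, 9, 16, 3); stops at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(parts)

def is_affected(version_text):
    """True when the version is older than FIXED (numeric, not string, compare)."""
    v = parse_version(version_text)
    width = max(len(v), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))  # 1.9.16 compares as 1.9.16.0
    return pad(v) < pad(FIXED)

def version_from_header(text):
    """Version field of a WPS Hide Login header, or None if it is another file."""
    if not re.search(PREFIX + r"Plugin Name:\s*WPS Hide Login\s*$", text, re.M | re.I):
        return None
    m = re.search(PREFIX + r"Version:\s*(\S+)", text, re.M | re.I)
    return m.group(1) if m else None

def find_plugin_version(plugins_dir):
    """Scan <plugins_dir>/<plugin>/*.php and return the plugin's version, or None."""
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        # WordPress itself reads only the first 8 KB of a file for headers.
        head = php.read_bytes()[:8192].decode("utf-8", errors="replace")
        version = version_from_header(head)
        if version:
            return version
    return None

if __name__ == "__main__":
    # With a path argument scan that plugins directory, else use the sample.
    found = find_plugin_version(sys.argv[1]) if len(sys.argv) > 1 else version_from_header(SAMPLE_HEADER)
    print("not found" if found is None else f"{found}: {'update to 1.9.16.4+' if is_affected(found) else 'ok'}")
```

The comparison is done on integer tuples because a plain string comparison would rank 1.9.9 above 1.9.16.4 and report an affected install as patched.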
If exploited, malicious users can discover the hidden login page, increasing the likelihood of brute-force attacks on WordPress websites. This can result in unauthorized access to the site's backend, allowing attackers to modify website content, steal sensitive data, or compromise the entire system. Furthermore, successful exploitation could lead to downtime or further exploitation of other vulnerabilities present on the site.
The S4E platform offers comprehensive monitoring of your WordPress installations for vulnerabilities like the Path Traversal in WPS Hide Login. By using our platform, you can stay ahead of potential attackers, receive instant notifications of vulnerabilities, and access actionable remediation steps to protect your digital assets. Join S4E today to ensure your WordPress sites are secured from common and emerging threats, with real-time scans and a detailed reporting system.