CVE-2024-2473
published 2024-06-11


Priority: P279 medium · CVSS 3.1 base score 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV (exploited in the wild)
EPSS: 1.23% (65.3rd percentile)
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin.

Affected (2 ranges)

Vendor      Product          Version range   Fixed in
tabrisrp    wps_hide_login   <= 1.9.15.2     -
wpserveur   wps_hide_login   < 1.9.16        1.9.16

Detection & IOCs (extracted from sources)

url: /wp-admin/?action=postpass
other: action=postpass
  • Detect exploitation attempts by monitoring for POST requests to /wp-admin/ with the query parameter action=postpass, which bypasses the WPS Hide Login plugin's login page concealment.
  • A successful bypass results in an HTTP 302 redirect response containing a Location header with 'reauth=1' or '/login', indicating the hidden login page has been disclosed.
  • Monitor for requests matching the lostpassword action pattern in form submissions, as the nuclei template also targets action values containing 'lostpassword' in the response body.
  • The bypass affects all versions of WPS Hide Login up to and including 1.9.15.2; sites running this version range are vulnerable regardless of their configured hidden login path.
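An added example, not part of this record or of the plugin: a small Python checker that applies the first two detection bullets to constructed web-server log lines. The line format is an assumption (method, request target, status, and the Location header the server sent, or '-' when none).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not from the page). Format assumed here:
# METHOD TARGET STATUS LOCATION   ('-' when no Location header was sent)
SAMPLE_LOG = """\
POST /wp-admin/?action=postpass 302 /wp-login.php?reauth=1
GET /wp-admin/ 302 /hidden-login-slug/
POST /wp-admin/?action=postpass 200 -
GET /wp-admin/?Action=PostPass 302 /my-secret-login/
POST /wp-login.php?action=lostpassword 200 -
POST /index.php?action=postpass 302 /wp-login.php?reauth=1
"""

LINE_RE = re.compile(r"^(?P<method>\S+) (?P<target>\S+) (?P<status>\d{3}) (?P<location>\S+)$")


def classify(line):
    """Return None for a benign line, else a dict describing the suspicious request.

    A request to /wp-admin/ carrying action=postpass is an exploitation attempt.
    It is marked 'disclosed' when the server answered 302 with a Location that
    contains 'reauth=1' or '/login', the indicator given in the detection notes.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path.rstrip("/") != "/wp-admin":
        return None
    # Compare keys and values case-insensitively so 'Action=PostPass' is not missed.
    query = {k.lower(): [v.lower() for v in vs]
             for k, vs in parse_qs(parts.query, keep_blank_values=True).items()}
    if "postpass" not in query.get("action", []):
        return None
    location = m["location"]
    disclosed = (m["status"] == "302" and location != "-"
                 and ("reauth=1" in location or "/login" in location))
    # A 302 to any other path is still an attempt worth reviewing; the
    # Location is kept so an analyst can see where the site redirected.
    return {"method": m["method"], "target": m["target"],
            "status": int(m["status"]), "location": location,
            "disclosed": disclosed}


def scan(log_text):
    """Classify every line and return the suspicious findings in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]
```

On the constructed sample, scan() reports three attempts and flags only the first as a confirmed disclosure; the custom-slug redirect on line four is an attempt whose Location the analyst should inspect by hand.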

CVSS provenance

nvd: v3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vulncheck: 5.3 MEDIUM