CVE-2024-37881
Published 2024-06-19
Priority P336 | medium | 5.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 1.17% (63.6th percentile)
SiteGuard WP Plugin provides functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 did not implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eg_secure_solutions_inc | siteguard_wp_plugin | — | — |
No detection rules found.
Nuclei
CVE-2024-37881 [MEDIUM] SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure (CVSS 5.3)
The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.
Template:
```yaml
id: CVE-2024-37881
info:
  name: SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure
  author: s4e-io
  severity: medium
  description: |
    The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possibl
```
No writeups or analysis indexed.
https://jvn.jp/en/jp/JVN60331535/
https://plugins.trac.wordpress.org/changeset/3094238/siteguard/trunk/classes/siteguard-rename-login.php?old=2888160&old_path=siteguard%2Ftrunk%2Fclasses%2Fsiteguard-rename-login.php
https://www.jp-secure.com/siteguard_wp_plugin_en/vuls/WPV2024001_en.html