Wpmudev Defender Security vulnerabilities
3 known vulnerabilities affecting wpmudev/defender_security.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2023-5089 | P3 | MEDIUM | CVSS 5.3 | CWE-209 | PoC | fixed in 4.1.0 | 2023-10-16
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
nvd
CVE-2023-51490 | P3 | HIGH | CVSS 7.5 | CWE-532 | ≤ 4.1.0 | 2024-01-08
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0.
nvd
CVE-2021-4425 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | ≤ 2.4.6 | 2023-07-12
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site
nvd