cbcvebase.

Wpplugins Hide My Wp Ghost vulnerabilities

7 known vulnerabilities affecting wpplugins/hide_my_wp_ghost.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-6420P2HIGHCVSS 8.6PoCfixed in 5.2.022024-07-23
CVE-2024-6420 [HIGH] CWE-203 CVE-2024-6420: The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
nvd
CVE-2025-26909P3CRITICALCVSS 9.8fixed in 5.4.022025-03-27
CVE-2025-26909 [CRITICAL] CWE-98 CVE-2025-26909: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through <= 5.4.01.
nvd
CVE-2025-2056P3HIGHCVSS 7.5fixed in 5.4.022025-03-14
CVE-2025-2056 [HIGH] CWE-23 CVE-2025-2056: The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Tra The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which can contain sensitive information.
nvd
CVE-2022-4537P4MEDIUMCVSS 6.5≤ 5.0.182023-05-09
CVE-2022-4537 [MEDIUM] CWE-348 CVE-2022-4537: The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Ad
nvd
CVE-2024-13794P4MEDIUMCVSS 5.3fixed in 5.4.012025-02-12
CVE-2024-13794 [MEDIUM] CWE-693 CVE-2024-13794: The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Pa The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.
nvd
CVE-2023-34001P4MEDIUMCVSS 5.3fixed in 5.0.262024-06-04
CVE-2023-34001 [MEDIUM] CWE-307 CVE-2023-34001: Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Sec Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25.
nvd
CVE-2024-10825P4MEDIUMCVSS 6.1fixed in 5.3.022024-11-15
CVE-2024-10825 [MEDIUM] CWE-79 CVE-2024-10825: The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Sit The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can succ
nvd
Wpplugins Hide My Wp Ghost vulnerabilities | cvebase