Wpplugins Hide My Wp Ghost vulnerabilities
7 known vulnerabilities affecting wpplugins/hide_my_wp_ghost.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2024-6420P2HIGHCVSS 8.6PoCfixed in 5.2.022024-07-23
CVE-2024-6420 [HIGH] CWE-203 CVE-2024-6420: The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via
The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
nvd
CVE-2025-26909P3CRITICALCVSS 9.8fixed in 5.4.022025-03-27
CVE-2025-26909 [CRITICAL] CWE-98 CVE-2025-26909: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through <= 5.4.01.
nvd
CVE-2025-2056P3HIGHCVSS 7.5fixed in 5.4.022025-03-14
CVE-2025-2056 [HIGH] CWE-23 CVE-2025-2056: The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Tra
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which can contain sensitive information.
nvd
CVE-2022-4537P4MEDIUMCVSS 6.5≤ 5.0.182023-05-09
CVE-2022-4537 [MEDIUM] CWE-348 CVE-2022-4537: The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in
The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Ad
nvd
CVE-2024-13794P4MEDIUMCVSS 5.3fixed in 5.4.012025-02-12
CVE-2024-13794 [MEDIUM] CWE-693 CVE-2024-13794: The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Pa
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.
nvd
CVE-2023-34001P4MEDIUMCVSS 5.3fixed in 5.0.262024-06-04
CVE-2023-34001 [MEDIUM] CWE-307 CVE-2023-34001: Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Sec
Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25.
nvd
CVE-2024-10825P4MEDIUMCVSS 6.1fixed in 5.3.022024-11-15
CVE-2024-10825 [MEDIUM] CWE-79 CVE-2024-10825: The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Sit
The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can succ
nvd