1. CVE-Search
  2. CVE-2021-24917
ID CVE-2021-24917
Summary The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
References
Vulnerable Configurations
  • cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:-:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.0:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.1.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.1.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.1.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.1.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.1.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.1.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.1.4:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.1.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.1.5:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.1.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.1.6:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.1.6:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.1.7:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.1.7:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.3.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.3.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.4:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.5:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.5.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.5.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.6:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.6:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.6.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.6.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.2.7:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.2.7:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.3.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.3.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.3.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.3.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.3.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.3.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.3.4:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.3.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.3.4.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.3.4.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.3.4.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.3.4.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.4:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.4.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.4.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.4.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.4.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.4.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.4.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.4.4:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.4.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.4.5:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.4.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5.2.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5.2.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5.2.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5.2.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5.3:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5.4:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5.4.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5.4.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.5.4.2:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.5.4.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:wpserveur:wps_hide_login:1.6.1:*:*:*:*:wordpress:*:*
    cpe:2.3:a:wpserveur:wps_hide_login:1.6.1:*:*:*:*:wordpress:*:*
CVSS
Base: 5.0 (as of 03-01-2022 - 13:15)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
Last major update 03-01-2022 - 13:15
Published 06-12-2021 - 16:15
Last modified 03-01-2022 - 13:15
Back to Top