Vulnerability Description
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpserveur | Wps Hide Login | <= 1.5.4.2 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/Exploit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83Third Party Advisory
- https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/Exploit
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83Third Party Advisory
FAQ
What is CVE-2020-36710?
CVE-2020-36710 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to b...
How severe is CVE-2020-36710?
CVE-2020-36710 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36710?
Check the references section above for vendor advisories and patch information. Affected products include: Wpserveur Wps Hide Login.