Vulnerability Description
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpmudev | Defender Security | < 4.1.0 |
References
- https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87dExploitThird Party Advisory
- https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpresExploitThird Party Advisory
- https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87dExploitThird Party Advisory
- https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpresExploitThird Party Advisory
FAQ
What is CVE-2023-5089?
CVE-2023-5089 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page,...
How severe is CVE-2023-5089?
CVE-2023-5089 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5089?
Check the references section above for vendor advisories and patch information. Affected products include: Wpmudev Defender Security.