T
he Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ | Exploit Third Party Advisory |
Configurations
History
25 Aug 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. |
29 May 2025, 16:08
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:wpplugins:hide_my_wp_ghost:*:*:*:*:*:wordpress:*:* | |
| CWE | NVD-CWE-noinfo | |
| References | () https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ - Exploit, Third Party Advisory | |
| First Time |
Wpplugins
Wpplugins hide My Wp Ghost |
21 Nov 2024, 09:49
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ - |
01 Aug 2024, 14:00
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-07-23 06:15
Updated : 2025-08-25 15:15
NVD link : CVE-2024-6420
Mitre link : CVE-2024-6420
CVE.ORG link : CVE-2024-6420
JSON object : View
Products Affected
CWE