PT-2023-31704 · WordPress · Defender Security

Juan Pablo Gomez Postigo

Publicado

2023-10-16

Atualizado

2026-03-16

CVE-2023-5089

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Defender Security WordPress plugin versions prior to 4.1.0

Description The issue allows an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled, due to the plugin not preventing redirects to the login page via the auth redirect WordPress function.

Recommendations For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the hide login page functionality until a patch is available. Restrict access to the login page to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-5089

Produtos afetados

Defender Security

PT-2023-31704 · WordPress · Defender Security

CVE-2023-5089

Identificadores relacionados

Produtos afetados

Referências · 9