Nicholas Mun

**Name of the Vulnerable Software and Affected Versions** The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress versions up to, and including, 5.3.02 **Description** The issue is due to the plugin not properly restricting the "/wp-register.php" path, making it possible for unauthenticated attackers to discover the hidden login page location. This was discovered when fuzzing a WordPress site with the plugin, and a wordlist containing "/wp-register.php" caused a 302, exposing the login page. **Recommendations** For versions up to, and including, 5.3.02, consider restricting access to the "/wp-register.php" path to minimize the risk of exploitation. As a temporary workaround, consider disabling the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sassy Social Share plugin for WordPress versions up to, and including, 3.3.3 **Description** The issue is related to Reflected Cross-Site Scripting via the `urls` parameter called via the `heateor sss sharing count` AJAX action due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 3.3.3, update to a version higher than 3.3.3 to resolve the issue. As a temporary workaround, consider restricting access to the `heateor sss sharing count` AJAX action until a patch is available. Avoid using the `urls` parameter in the affected AJAX endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WPS Hide Login plugin for WordPress versions up to, and including, 1.9.15.2 **Description** The issue is related to a bypass that allows attackers to discover hidden login pages when the `action` parameter is set to `postpass`. This makes it possible for attackers to easily find any login page that may have been hidden by the plugin. **Recommendations** For versions up to, and including, 1.9.15.2, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, avoid using the `action=postpass` parameter in affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.