Whattheslime

**Name of the Vulnerable Software and Affected Versions** WPS Hide Login plugin for WordPress versions up to, and including, 1.9.15.2 **Description** The issue is related to a bypass that allows attackers to discover hidden login pages when the `action` parameter is set to `postpass`. This makes it possible for attackers to easily find any login page that may have been hidden by the plugin. **Recommendations** For versions up to, and including, 1.9.15.2, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, avoid using the `action=postpass` parameter in affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.