https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/
WPS Limit Login is edited by WP Serveur, WordPress french host. Criticity level for this update is low. Protection ByPass #1 File : /classes/plugins.php Lines : 427 Issue : If the URL contains “action=confirmaction” it’s enough to acces the login page. Demo : https://example.com/wp-login.php?SECUPRESSaction=confirmaction Protection ByPass #2 File : /classes/plugins.php Lines : 477-480 Issue : […]
The post WPS Hide Login v1.5.2.2 Multiples Vulnerabilities appeared first on SecuPress.
Source: Security Feed