CVE-2024-6289 Information

Description

The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function allowing an unauthenticated visitor to access the hidden login page.

Reference

https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/