CVE-2020-36710

Published: Jun 7, 2023Modified: Apr 8, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.

Affected (1)

Products: Wpserveur: Wps Hide Login

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpserveur Wps Hide Login	Up to 1.5.4.2

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/

Source: security@wordfence.com

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve

Source: security@wordfence.com

Third Party Advisory

https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.