Unauthenticated Access to Login Page in Defender Security WordPress Plugin

Unauthenticated Access to Login Page in Defender Security WordPress Plugin

CVE-2023-5089 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.

Learn more about our Wordpress Pen Testing.