The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Hide_my_wp_ghost | Wpplugins | * | 5.4.01 (excluding) |