Defender Security < 4.1.0 – Protection Bypass (Hidden Login Page) | CVE 2023-5089

Description

The plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.

Proof of Concept

Example using GravityForms to redirect to the login page:

https://example.com/?gf_page=randomstring

Affects Plugins

defender-security

Fixed in 4.1.0

References

CVE

CVE-2023-5089

URL

https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms

Miscellaneous

Original Researcher

Juan Pablo Gomez Postigo

Submitter

Juan Pablo Gomez Postigo

Submitter website

https://www.sprocketsecurity.com/resources

Submitter twitter

jpgp__

Verified

Yes

WPVDB ID

2b547488-187b-44bc-a57d-f876a7d4c87d

Timeline

Publicly Published

2023-09-06 (about 8 months ago)

Added

2023-09-20 (about 7 months ago)

Last Updated

2023-09-20 (about 7 months ago)

Other

Published

Title

Published

2016-05-06

Title

Yoast SEO <= 3.2.4 - Subscriber Settings Sensitive Data Exposure

Published

2016-04-25

Title

iThemes Security <= 5.3.5 - Lack of Capability Check

Published

2016-12-23

Title

Slider <= 1.1.89 - Authenticated Arbitrary File Deletion

Published

2022-05-30

Title

WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing

Published

2022-07-11

Title

YOP Poll < 6.4.3 - IP Spoofing