WordPress Plugin Vulnerabilities

Defender Security < 4.2.1 - Masked Login Area Security Feature Bypass

Description

The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to security feature bypass in all versions up to, and including, 4.2.0. This is due to an unspecified issue. This makes it possible for unauthenticated attackers to bypass the login masking security feature.

Affects Plugins

Plugin icon
defender-security
Fixed in 4.2.1

References

CVE
CVE-2023-47189
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/66122be6-7c28-44cc-a8dd-7b2ec64346f7

Miscellaneous

Original Researcher
Naveen Muthusamy
Verified
No
WPVDB ID
5891ee99-faa3-49e8-a3e8-27556a24eeb1

Timeline

Publicly Published
2023-11-03 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2023-11-24 (about 2 years ago)

Other

Published
Title
Published
2023-05-30
Title
Nested Pages < 3.2.4 - Editor+ Plugin Settings Reset
Published
2024-10-09
Title
ivalt plugin contains malicious JS <= 1.0.0
Published
2024-10-14
Title
BuddyPress Better Registration <= 1.6 - Authentication Bypass to Administrator
Published
2019-02-04
Title
Instagram Feed < 1.12 - Unspecified Issues
Published
2013-06-21
Title
WordPress 3.4-3.5.1 DoS in class-phpass.php