WordPress Plugin Vulnerabilities

SiteGuard WP Plugin < 1.7.7 - Login Page Disclosure

Description

The plugin is vulnerable to protection mechanism bypass due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.

Affects Plugins

Plugin icon
siteguard
Fixed in 1.7.7

References

CVE
CVE-2024-37881
URL
https://jvn.jp/en/jp/JVN60331535/
URL
https://www.jp-secure.com/siteguard_wp_plugin_en/vuls/WPV2024001_en.html

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Yuuta Watanabe
Verified
No
WPVDB ID
63a19e82-97cb-4796-8959-c86459527e48

Timeline

Publicly Published
2024-06-21 (about 1 year ago)
Added
2024-06-24 (about 1 year ago)
Last Updated
2024-06-24 (about 1 year ago)

Other

Published
Title
Published
2022-09-29
Title
Media Library Assistant < 3.01 - Unauthenticated Error Log Access
Published
2024-11-20
Title
Sky Addons for Elementor < 2.6.2 - Authenticated (Contributor+) Sensitive Information Exposure via Content Switcher Widget Elementor Template
Published
2024-02-20
Title
PeproDev Ultimate Invoice < 1.9.8 - Unauthenticated Arbitrary Invoice Access
Published
2024-12-07
Title
WP Mailster < 1.8.17.0 - Unauthenticated Sensitive Information Exposure
Published
2025-10-10
Title
WP Gmail SMTP <= 1.0.7 - Sensitive Information Exposure