WordPress Plugin Vulnerabilities

WPS Hide Login 1.0 - CSRF

Description

CSRF security issue when saving option value in single site and multisite mode.

Affects Plugins

Plugin icon
wps-hide-login
Fixed in 1.1

References

CVE
CVE-2015-9498

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
ab4de351-619e-45e9-a821-e65960f3c8f6

Timeline

Publicly Published
2015-04-27 (about 11 years ago)
Added
2015-05-27 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-12-07
Title
BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter <= 1.49.3 - Cross-Site Request Forgery
Published
2025-08-14
Title
WPDM – Premium Packages < 6.0.3 - Cross-Site Request Forgery
Published
2023-11-07
Title
Category Post List Widget <= 2.0 - Settings Update to Stored XSS via CSRF
Published
2024-06-22
Title
CM Email Registration Blacklist and Whitelist < 1.4.9 - Add/Delete Emails via CSRF Add and delete any item from blacklist/whitelist
Published
2025-04-24
Title
Zalo Official Live Chat <= 1.0.0 - Cross-Site Request Forgery