WordPress Plugin Vulnerabilities

WP Hardening – Fix Your WordPress Security < 1.2.7 - Unauthenticated Security Feature Bypass to Username Enumeration

Description

The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.

Affects Plugins

Plugin icon
wp-security-hardening
Fixed in 1.2.7

References

CVE
CVE-2024-6641
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7a52a278-1729-4027-8a00-e9804fa6698b

Miscellaneous

Original Researcher
Felipe Caon
Verified
No
WPVDB ID
be38cbf8-5357-42e5-9196-3a5c7a7fcc1d

Timeline

Publicly Published
2024-09-17 (about 1 year ago)
Added
2024-09-18 (about 1 year ago)
Last Updated
2024-09-18 (about 1 year ago)

Other

Published
Title
Published
2026-04-14
Title
Amelia < 2.3 - Unauthenticated Booking Status Manipulation
Published
2023-03-06
Title
Formidable Forms < 6.1 - IP Spoofing
Published
2020-04-11
Title
Tickera WordPress Event Ticketing < 3.4.6.9 - Unauthenticated Sensitive Data Exposure
Published
2019-05-20
Title
FV Flowplayer Video Player < 7.3.15.727 - CSV Export
Published
2020-01-21
Title
WordPress <= 5.2.3 - Hardening Bypass