Security Advisory

CVE-2023-5089

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-16 19:39:25

Last updated 2025-04-23 16:10:59

Assigner WPScan

State PUBLISHED

Description

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.

← Browse all CVEs View on cve.org ↗