QwikSec

Security Database

CVE

CWE

Training

CVE-2023-5089

Published: Oct 16, 2023

Modified: Apr 23, 2025

PUBLISHED

Description

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.

Vendor	Product	Versions
Unknown	Defender Security	affected `0 - < 4.1.0`

References

https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d

exploit

vdb-entry

technical-description

https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.