cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10825,https://securityvulnerability.io/vulnerability/CVE-2024-10825,Unprotected Against Reflected Cross-Site Scripting (RCS),"The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.",Wordpress,Hide My WP Ghost – Security & Firewall,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-15T06:48:04.243Z,0
CVE-2024-6420,https://securityvulnerability.io/vulnerability/CVE-2024-6420,Unauthenticated Access to Hidden Login Page via Auth_Redirect Function,"The Hide My WP Ghost  WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.",Wordpress,Hide My WP Ghost,,,0.0005300000193528831,false,,false,false,true,true,false,false,2024-07-23T06:00:03.289Z,0
CVE-2023-34001,https://securityvulnerability.io/vulnerability/CVE-2023-34001,Improper Restriction of Excessive Authentication Attempts vulnerability in Hide My WP Ghost,"The Hide My WP Ghost security plugin, developed by WPPlugins, has exhibited a vulnerability due to improper restriction of excessive authentication attempts. This flaw enables attackers to bypass intended security measures, potentially leading to unauthorized access and manipulation of the site's functionalities. Versions from n/a to 5.0.25 are impacted, which underscores the importance of timely upgrades and patches to mitigate exploitation risks.",Wordpress,Hide My WP Ghost,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-04T07:09:44.976Z,0
CVE-2022-4537,https://securityvulnerability.io/vulnerability/CVE-2022-4537,IP Address Spoofing Vulnerability in Hide My WP Ghost Security Plugin for WordPress,"The Hide My WP Ghost – Security Plugin for WordPress is susceptible to IP Address Spoofing due to inadequate restrictions governing the retrieval of IP address information for request logging and login limit enforcement. This vulnerability enables attackers to manipulate the X-Forwarded-For header to present a misleading IP address, which may subsequently bypass any settings that would normally prevent that IP from accessing the system. As a result, unauthorized users can gain access where they should otherwise be blocked.",Wordpress,Hide My WP Ghost – Security Plugin,6.5,MEDIUM,0.0008699999889358878,false,,false,false,false,,false,false,2023-05-09T02:47:14.059Z,0