Description
WordPress Plugin WPS Hide Login is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently bypass login protection mechanisms. WordPress Plugin WPS Hide Login version 1.5.2.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.5.3 or latest
References
https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/
https://plugins.svn.wordpress.org/wps-hide-login/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin CiviCRM Multiple Vulnerabilities (5.28.0)
WordPress Plugin Images Slideshow by 2J-Image Slider Unspecified Vulnerability (1.2.15)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7890)
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2)
Artifactory Incorrect Authorization Vulnerability (CVE-2021-45074)