Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
Sprocket's own Juan Pablo Gomez Postigo discovers a major vulnerability affecting Wordpress.
"The plugin does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled."
See the Vulnerability on WP Scan
Media Contact
Marketing,
Sprocket Security
marketing@sprocketsecurity.com
Continuous Human & Automated Security
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.