CVE-2024-37881

June 19, 2024, 7:15 a.m.

None
No Score

Description

SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed.

Product(s) Impacted

Product Versions
SiteGuard WP Plugin
  • ['before 1.7.7']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://jvn.jp/en/jp/JVN60331535/
https://plugins.trac.wordpress.org/changeset/3094238/siteguard/trunk/classes/siteguard-rename-login.php?old=2888160&old_path=siteguard%2Ftrunk%2Fclasses%2Fsiteguard-rename-login.php
https://www.jp-secure.com/siteguard_wp_plugin_en/vuls/WPV2024001_en.html

Tags

vultures@jpcert.or.jp
2024-06-19
CVE-2024-37881

Timeline

Published: June 19, 2024, 7:15 a.m.
Last Modified: June 19, 2024, 7:15 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.