The WPS Hide Login WordPress plugin disclosed the concealed login page’s location, negating the plugin’s purpose.
WPS Hide Login is one of the popular WordPress security plugins, with over 1 million active installations, that lets you easily and safely change the URL of the login form page to anything you want. It simply intercepts page requests and redirects the user to the defined page. The plugin makes the wp-admin directory and the wp-login.php page inaccessible; both can be restored by deactivating it.
Vulnerability
The WPS Hide Login WordPress plugin recently fixed a vulnerability that exposed users’ private login page. The vulnerability allowed an attacker to undermine the plugin’s objective, exposing the site to password-guessing attacks against the login form.
The vulnerability was rated high severity by the US Government’s National Vulnerability Database, which scored it 7.5 on a scale of 10.
Proof of Concept
Daniel Ruf, in his blog post dated 12-Nov-21, disclosed the vulnerability in the plugin.
He explains that the bug in the plugin allows an unauthenticated user to obtain the private login page by setting an arbitrary Referer header and making a request to /wp-admin/options.php.
curl --referer "something" -sIXGET https://example.com/wp-admin/options.php
HTTP/2 302
...
location: https://example.com/secret-login/?redirect_to=%2Fwp-admin%2Fsomething&reauth=1
WPS Hide Login Vulnerability Patched
The authors of the plugin addressed the issue in the WPS Hide Login 1.9.1 release. In their changelog they noted:
Fix : by-pass security issue allowing an unauthenticated user to get login page by setting a random referer string via curl request.
As I write, they have already released WPS Hide Login 1.9.2.
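The request pattern described above (an unauthenticated GET to /wp-admin/options.php carrying an off-site Referer and answered with a 302 to the hidden login URL) leaves a recognisable trace in ordinary web-server access logs. The following script is an added example, not code from the original post or from the plugin, that scans lines in the common "combined" log format and flags that pattern. The log lines are constructed for the example, and the site host name is a parameter you supply.

```python
"""Flag access-log entries matching the WPS Hide Login Referer bypass pattern.

Added example, not from the original post or the plugin. Assumes the
Apache/nginx "combined" log format. The sample lines at the bottom are
constructed for this example.
"""
import re
from urllib.parse import urlsplit

# Combined log format:
# host ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

TARGET_PATH = "/wp-admin/options.php"


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else None


def is_bypass_attempt(entry, site_host):
    """True if the entry looks like the unauthenticated Referer trick.

    Heuristic: a GET to /wp-admin/options.php that was answered with a 302
    (the redirect whose Location header carried the hidden login URL) and
    that arrived with a Referer not pointing at the site's own host.
    Logged-in administrators reaching options.php normally arrive from a
    page on the same host and receive a 200.
    """
    if entry["method"] != "GET":
        return False
    if entry["path"].split("?", 1)[0] != TARGET_PATH:
        return False
    if entry["status"] != "302":
        return False
    ref = entry["referer"]
    if ref in ("", "-"):
        return False
    # A bare string such as "something" has no host at all, so netloc is "".
    ref_host = urlsplit(ref).netloc.lower()
    return ref_host != site_host.lower()


def find_bypass_attempts(lines, site_host):
    """Return (ip, time, referer) for every line matching the bypass pattern."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_bypass_attempt(entry, site_host):
            hits.append((entry["ip"], entry["time"], entry["referer"]))
    return hits


# Constructed sample log: only the first line matches the bypass pattern.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2021:10:01:02 +0000] "GET /wp-admin/options.php HTTP/2.0" 302 0 "something" "curl/7.79.1"',
    '198.51.100.4 - - [12/Nov/2021:10:02:10 +0000] "GET /wp-admin/options.php HTTP/2.0" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [12/Nov/2021:10:03:30 +0000] "GET /wp-admin/options.php HTTP/2.0" 200 5120 "https://example.com/wp-admin/options-general.php" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Nov/2021:10:04:00 +0000] "GET /index.php HTTP/2.0" 200 7000 "https://other.example/" "curl/7.79.1"',
]

if __name__ == "__main__":
    for ip, when, ref in find_bypass_attempts(SAMPLE_LOG, "example.com"):
        print(f"{when} {ip} referer={ref!r}")
```

The check on the response status matters: a request that was refused or answered with the normal login redirect is not evidence of the leak, and after updating to a fixed release the same request should no longer yield the 302 that exposes the hidden path.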
Solution
Update the WordPress plugin to the latest available version, WPS Hide Login 1.9.2.
How to Update
If you manage your WordPress website yourself, you can update it using the steps outlined below:
- Log in to WordPress Admin.
- In the left-hand menu, click Plugins. You will see all the installed plugins.
- Scroll down to WPS Hide Login 1.9. WordPress automatically checks for available updates: the row is highlighted in red with an update link underneath.
- Click the Update link and wait until the highlight changes to green. Once done, the version shown changes to 1.9.2.
It is also really important to maintain your WordPress website regularly. To read more, visit Tips To Maintain Your WordPress Website.
I hope this post has helped you. If you find any problem, please write back to me at contact@growthtechnosoft.com. I will be happy to help you further.
Citations
you shall pass – secret login URL leaked by WordPress-Plugin – Daniel Ruf
https://blog.daniel-ruf.de/you-shall-pass-secret-login-url-leaked/
US Government National Vulnerability Database
CVE-2021-24917 Detail
WPScan Report of WPS Hide Login Vulnerability
WPS Hide Login < 1.9.1 – Protection Bypass with Referer-Header