Unrated severityNVD Advisory· Published Feb 12, 2025· Updated Apr 8, 2026
Hide My WP Ghost – Security & Firewall <= 5.3.02 - Unauthenticated Login Page Disclosure
CVE-2024-13794
Description
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.
Affected products
3- Range: <=5.3.02
- johndarrel/WP Ghost (Hide My WP Ghost) – Security & Firewallv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.