VYPR
Unrated severityNVD Advisory· Published Feb 12, 2025· Updated Apr 8, 2026

Hide My WP Ghost – Security & Firewall <= 5.3.02 - Unauthenticated Login Page Disclosure

CVE-2024-13794

Description

The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.