VYPR
Vendor

Wpplugins

Products
2
CVEs
8
Across products
8
Status
Private

Products

2

Recent CVEs

8
  • CVE-2025-26909CriMar 27, 2025
    risk 0.62cvss 9.6epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through <= 5.4.01.

  • CVE-2022-4537MedMay 9, 2023
    risk 0.42cvss 6.5epss 0.00

    The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login…

  • CVE-2026-39484MedApr 8, 2026
    risk 0.31cvss 4.7epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing.This issue affects Hide My WP Ghost: from n/a through < 7.0.00.

  • CVE-2024-6420Jul 23, 2024
    risk 0.03cvss epss 0.02

    The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.

  • CVE-2024-13794Feb 12, 2025
    risk 0.00cvss epss 0.00

    The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for…

  • CVE-2024-10825Nov 15, 2024
    risk 0.00cvss epss 0.00

    The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2024-10045Oct 23, 2024
    risk 0.00cvss epss 0.00

    The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to…

  • CVE-2023-34001Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25.