CVE-2023-5089

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 16, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-5089 is a vulnerability affecting the Defender Security plugin for WordPress. This issue allows unauthenticated visitors to access the login page, bypassing the hide login page functionality. The vulnerability lies in the plugin's auth_redirect function, which fails to prevent redirects to the login page. This can potentially expose WordPress installations to brute force attacks or other forms of unauthorized access. Users are advised to update to the latest version of the Defender Security plugin (4.1.0 or above) to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Wpmudev Defender Security

Affected Vendors

WPMU DEV

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/svcC4K
https://www.cve.org/CVERecord?id=CVE-2023-5089
https://nvd.nist.gov/vuln/detail/CVE-2023-5089

Back to Vulnerability Database