[wp-trac] [WordPress Trac] #46953: Plugin disclosing the hidden login page

WordPress Trac noreply at wordpress.org
Tue Apr 16 21:11:43 UTC 2019


#46953: Plugin disclosing the hidden login page
--------------------------+-----------------------------
 Reporter:  hackison      |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Plugins       |    Version:
 Severity:  critical      |   Keywords:  needs-patch
  Focuses:  privacy       |
--------------------------+-----------------------------
 Im having my own wordpress website with Wp hide login plugin installed.
 Recently i was testing my website in an online osint website
 https://urlscan.io/. The result was shocking in the **content tab** , my
 hidden login form is disclosed. Login form is disclosing through buddy
 press plugin.This occurs due to incompatibility between buddypress plugin
 and wp hide login plugin.Please fix it asap Thank you

 STEPS TO REPRODUCE:

 1) Go to https://urlscan.io/ website.
 2) In the search bar type the website you want to get the hidden login
 form.
 3) Wait till the scan completes.
 4) Now result will be displayed move to content tab.
 5) You can see the hiden login form details getting disclosed.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46953>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list