CVE-2024-37881

moderate-risk

Published 2024-06-19

SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed.

Do I need to act?

~

5.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.3/10 Medium

NETWORK / LOW complexity

References (6)

https://jvn.jp/en/jp/JVN60331535/

https://plugins.trac.wordpress.org/changeset/3094238/siteguard/trunk/classes/sit...

https://www.jp-secure.com/siteguard_wp_plugin_en/vuls/WPV2024001_en.html

https://jvn.jp/en/jp/JVN60331535/

https://plugins.trac.wordpress.org/changeset/3094238/siteguard/trunk/classes/sit...

https://www.jp-secure.com/siteguard_wp_plugin_en/vuls/WPV2024001_en.html

34

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 8/34 · Low

Exposure 5/34 · Minimal