cve/2023/CVE-2023-5089.md

### [CVE-2023-5089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5089)
![](https://img.shields.io/static/v1?label=Product&message=Defender%20Security&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.1.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-209%20Generation%20of%20Error%20Message%20Containing%20Sensitive%20Information&color=brighgreen)

### Description

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.

### POC

#### Reference
- https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d

#### Github
- https://github.com/nomi-sec/PoC-in-GitHub
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-5089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5089)`
			`![](https://img.shields.io/static/v1?label=Product&message=Defender%20Security&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.1.0%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-209%20Generation%20of%20Error%20Message%20Containing%20Sensitive%20Information&color=brighgreen)`

			`### Description`

			`The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d`

			`#### Github`
			`- https://github.com/nomi-sec/PoC-in-GitHub`