Skip to main content

Defender Security

2 CVEs product

Monthly

CVE-2023-5089 MEDIUM POC This Month

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Defender Security
NVD WPScan
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-4425 MEDIUM POC PATCH This Month

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Defender Security
NVD
CVSS 3.1
4.3
EPSS
0.2%
EPSS 2% CVSS 5.3
MEDIUM POC This Month

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Defender Security
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Defender Security
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy