BUG plugin bug! please help double slash URL

T

teamh

New member
#1
Messages
1
Likes
0
Points
0
#1
So I have upgraded to the new 1.1.9 Webcraftic Hide Login page plugin for WordPress. There is a vulnerability in the plugin, my company ran a PEN test and found vulnerability on the is URL when entered https://sampleurl.com//wp-login.php instead of a 403 Error it goes to the sercret login page URL, I will point out that the // double slash is correct, it redirects to the secret WordPress login page. Can anyone help with this? please....
 
alexkovalev

alexkovalev

Program developer
Staff member
#2
Messages
267
Likes
19
Points
18
#2
Hi,

Thank you very much for finding the vulnerability, you are indeed right! We are already working on a fix and will fix this vulnerability soon.

We apologize for the inconvenience caused!
 
You must log in or register to reply here.