Description
WordPress Plugin WPS Hide Login is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently access the secret login page. WordPress Plugin WPS Hide Login version 1.5.4.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.5.5 or latest
References
https://blog.nintechnet.com/wordpress-wps-hide-login-fixed-security-issue/
https://plugins.svn.wordpress.org/wps-hide-login/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WP Taxonomy Import Cross-Site Scripting (1.0.4)
WordPress Plugin Content Audit Multiple Vulnerabilities (1.9.1)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5866)
MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4302)