What is CVE-2023-5089?

CVE-2023-5089 is a vulnerability in Defender Security, classified under CWE-209 GENERATION OF ERROR MESSAGE CONTAINING SENSITIVE INFORMATION. Published 2023-10-16.

Is CVE-2023-5089 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Defender Security

CVE-2023-5089

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page function…

EPSS: 0.831 (99.3th percentile) — read the EPSS interpretation.

Affected products

Unknown Defender Security — versions 0

Public proof-of-concept exploits

References

wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d (exploit, vdb-entry, technical-description)
www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-…

Frequently asked questions

What is CVE-2023-5089?: CVE-2023-5089 is a vulnerability in Defender Security, classified under CWE-209 GENERATION OF ERROR MESSAGE CONTAINING SENSITIVE INFORMATION. Published 2023-10-16.
Is CVE-2023-5089 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.