CVE-2020-36710 MEDIUM

CVE-2020-36710: WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure

Vendor Tabrisrp
Product WPS Hide Login
Weakness CWE-863 · Incorrect authorization
Published June 7, 2023
Last update April 8, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.

Key dates

02Disclosure timeline

June 7, 2023 CVE published
April 8, 2026 Record updated