The All In One WP Security & Firewall plugin suffers from open redirect and exposure of the actual URL of the "hidden login page" feature. Edit (WPScanTeam) October 3rd, 2019 - Email sent to dev via October 8th - Dev ACK & investigating it October 8th - v4.4.2 released, fixing the issues (confirmed by researcher)

First seen on:

Share This: