Description
The All In One WP Security & Firewall plugin suffers from open redirect and exposure of the actual URL of the "hidden login page" feature. Edit (WPScanTeam) October 3rd, 2019 - Email sent to dev via https://wpsolutions-hq.com/contact/ October 8th - Dev ACK & investigating it October 8th - v4.4.2 released, fixing the issues (confirmed by researcher)

First seen on: https://wpvulndb.com/vulnerabilities/9898

Share This: