Wpplugins Hide My Wp Ghost — known CVE vulnerabilities
Every CVE whose affected-product data names Wpplugins Hide My Wp Ghost, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-26909 — CVSS 9.6 (critical): Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide…
CVE-2024-6420 — CVSS 8.6 (high): The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function…
CVE-2025-2056 — CVSS 7.5 (high): The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and…
CVE-2022-4537 — CVSS 6.5 (medium): The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including…
CVE-2024-10825 — CVSS 6.1 (medium): The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all…
CVE-2024-13794 — CVSS 5.3 (medium): The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to…
CVE-2023-34001 — CVSS 5.3 (medium): Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows…