IP Address Spoofing to Denial of Service

Skrevet den af i Solid Security

The Solid Security – Password, Two Factor Authentication, and Brute Force Protection plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 9.3.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to perform a denial of service attack.

This vulnerability affects the following application versions:

  • Solid Security 8.0.0
  • Solid Security 8.0.1
  • Solid Security 8.0.2
  • Solid Security 8.1.0
  • Solid Security 8.1.1
  • Solid Security 8.1.2
  • Solid Security 8.1.3
  • Solid Security 8.1.4
  • Solid Security 8.1.5
  • Solid Security 8.1.6
  • Solid Security 8.1.7
  • Solid Security 8.1.8
  • Solid Security 9.0.0
  • Solid Security 9.0.1
  • Solid Security 9.0.2
  • Solid Security 9.0.3
  • Solid Security 9.1.0
  • Solid Security 9.2.0
  • Solid Security 9.3.0
  • Solid Security 9.3.1

Unauthenticated Login Page Disclosure

Skrevet den af i Solid Security

Unauthenticated attackers could discover the custom login page path when comments and user registration were enabled, bypassing the plugin’s login path hiding.

This vulnerability affects the following application versions:

  • Solid Security 8.0.0
  • Solid Security 8.0.1
  • Solid Security 8.0.2
  • Solid Security 8.1.0
  • Solid Security 8.1.1
  • Solid Security 8.1.2
  • Solid Security 8.1.3
  • Solid Security 8.1.4
  • Solid Security 8.1.5
  • Solid Security 8.1.6
  • Solid Security 8.1.7
  • Solid Security 8.1.8
  • Solid Security 9.0.0