Unauthenticated attackers could discover the custom login page path when comments and user registration were enabled, bypassing the plugin’s login path hiding.
This vulnerability affects the following application versions:
- Solid Security 8.0.0
- Solid Security 8.0.1
- Solid Security 8.0.2
- Solid Security 8.1.0
- Solid Security 8.1.1
- Solid Security 8.1.2
- Solid Security 8.1.3
- Solid Security 8.1.4
- Solid Security 8.1.5
- Solid Security 8.1.6
- Solid Security 8.1.7
- Solid Security 8.1.8
- Solid Security 9.0.0