WPS Hide Login - Information Disclosure (CVE-2024-2473)

CVE-2024-2473 is an information disclosure vulnerability in the WPS Hide Login plugin for WordPress, affecting all versions up to 1.9.15.2. By exploiting a flaw involving the 'action=postpass' parameter, attackers can easily bypass the plugin's protections and reveal the hidden login page. This exposure increases the risk of targeted brute-force or credential stuffing attacks against WordPress sites that rely on this plugin for login page obfuscation.

CrowdSec has been tracking this vulnerability and its exploits since 14th of January 2026.

Data from the CrowdSec community indicates that exploitation of CVE-2024-2473 is highly selective and intelligence-driven. Threat actors use advanced reconnaissance and carefully choose their targets, often as part of sophisticated campaigns or advanced persistent threat operations. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2024-2473 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2024-2473 is currently experiencing high visibility and active exploitation across the internet.

Attackers probe for hidden WordPress login pages by sending requests with the action=postpass parameter to endpoints like /wp-login.php and /wp-admin/, exploiting a bypass in the WPS Hide Login plugin to reveal or redirect to the actual login page.