GCVE - cpe:2.3:a:wpmudev:defender_security:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wpmudev:defender_security:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Wpmudev (`a4908a28-206b-5801-853a-92926b63e5e8`)
Product	Defender Security (`bda24829-2d1a-509f-baf8-2436c9608f79`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-37444`	vulnerable	2026-06-03 14:56:06.655048	WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in WPMU DEV - Your All-in-One WordPress Platform Defender Security defender-security.This issue affects Defender Security: from n/a through <= 4.7.1. Published: 2024-11-01T14:18:21.188Z Updated: 2026-04-28T16:09:59.043Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/defender-security/vulnerability/wordpress-defender-plugin-4-7-1-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-25595`	vulnerable	2026-06-03 14:55:13.753403	WordPress Defender Security plugin <= 4.4.1 - IP Restriction Bypass vulnerability MEDIUM (5.3) Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1. Published: 2024-05-17T08:23:10.160Z Updated: 2026-04-28T16:09:12.758Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-4-4-1-ip-restriction-bypass-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5089`	vulnerable	2026-06-03 14:53:46.986772	Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page) The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. Published: 2023-10-16T19:39:25.420Z Updated: 2025-04-23T16:10:59.957Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-51490`	vulnerable	2026-06-03 14:53:32.314384	WordPress Defender Security Plugin <= 4.1.0 is vulnerable to Sensitive Data Exposure MEDIUM (5.3) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. Published: 2024-01-08T20:17:34.600Z Updated: 2026-04-28T16:09:02.865Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-4-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47189`	vulnerable	2026-06-03 14:53:17.045389	WordPress Defender Security plugin <= 4.2.0 - Masked Login Area View Bypass vulnerability MEDIUM (5.3) Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0. Published: 2024-06-04T09:31:14.044Z Updated: 2026-04-28T16:08:48.642Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-securit-plugin-4-2-0-masked-login-area-view-bypass-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-44581`	vulnerable	2026-06-03 14:48:17.303081	WordPress Defender Security plugin <= 3.3.2 - Broken Authentication vulnerability MEDIUM (5) Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. Published: 2024-05-17T06:27:07.688Z Updated: 2026-04-28T16:07:50.956Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-3-3-2-broken-authentication-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-4425`	vulnerable	2026-06-03 14:45:48.704874	Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass MEDIUM (4.3) The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2023-07-12T07:21:50.023Z Updated: 2026-04-08T17:30:23.719Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/e772fbbe-33d5-46fa-a041-ab07d3f9318f?source=cve https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.