Cyber Resilience

CVE-2024-37881

Medium

Published: 19 June 2024

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0520 (90.1th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-37881 is a medium-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability. Its CVSS base score is 5.3 (Medium).

Operationally, it is ranked in the top 9.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability CVE-2024-37881 affects the SiteGuard WP Plugin for WordPress in versions prior to 1.7.7. The plugin customizes the path to wp-login.php and blocks redirection leaks from other URLs, but it omitted equivalent protection for wp-register.php, allowing the custom login path to be exposed through redirection behavior.

An unauthenticated remote attacker can request wp-register.php to trigger a redirection that leaks the customized login URL. The flaw requires no credentials or user interaction and results in limited information disclosure, consistent with its CVSS 5.3 rating.

Vendor advisories and the referenced JVN notice direct users to upgrade to version 1.7.7, where the missing redirection check for wp-register.php was added in the plugin's siteguard-rename-login.php file.

The associated EPSS score has remained flat at 0.0520 with no material rise after disclosure.

Vulnerability details

SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 failed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

SiteGuard WP Plugin
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-601

Security awareness includes verifying URLs and avoiding untrusted redirects that lead to malicious sites.

addresses: CWE-601

Validates redirect targets and URLs to ensure they conform to allowed destinations.

addresses: CWE-201

Embedding taints allows detection when sensitive data is inserted into outbound or sent data streams.
