The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page.