The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-05-30T08:36:04

Updated: 2024-08-03T00:10:03.626Z

Reserved: 2022-05-05T00:00:00

Link: CVE-2022-1589

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-05-30T09:15:10.157

Modified: 2024-11-21T06:41:01.620

Link: CVE-2022-1589

cve-icon Redhat

No data.