The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2022-05-30T08:36:04
Updated: 2024-08-03T00:10:03.626Z
Reserved: 2022-05-05T00:00:00
Link: CVE-2022-1589
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-05-30T09:15:10.157
Modified: 2024-11-21T06:41:01.620
Link: CVE-2022-1589
Redhat
No data.