WordPress Plugin Vulnerabilities

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description

The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.

Proof of Concept

- Set custom Login URL under "Settings > Permalinks". For example, `login`
- As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a different browser
- It will redirect to the login page: https://example.com/login/?redirect_to=https%3A%2F%2Fexample.com%2Fwp-admin%2Fcustomize.php&reauth=1

Affects Plugins

Plugin icon
change-wp-admin-login
Fixed in 1.1.4

References

CVE
CVE-2023-3604

Miscellaneous

Original Researcher
Muhamad Arsyad
Submitter
Muhamad Arsyad
Verified
Yes
WPVDB ID
8f6615e8-f607-4ce4-a0e0-d5fc841ead16

Timeline

Publicly Published
2023-07-27 (about 11 months ago)
Added
2023-07-27 (about 11 months ago)
Last Updated
2023-07-27 (about 11 months ago)

Other

Published
Title
Published
2019-04-11
Title
YellowPencil Visual CSS Style Editor <= 7.2.0 - Unauthenticated Arbitrary Options Updates
Published
2024-04-15
Title
Zero Spam < 5.5.7 - Spam Protection Bypass
Published
2019-08-25
Title
WooCommerce PayU India <= 2.1.1 - Price Tampering
Published
2019-10-14
Title
WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
Published
2021-08-19
Title
WP Cerber Security < 8.9.3 - 2FA Authentication Bypass