WordPress Plugin Vulnerabilities

Change WP Admin < 1.1.4 - Secret Login Page Disclosure

Description

The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.

Proof of Concept

Affects Plugins

Plugin icon
change-wp-admin-login
Fixed in 1.1.4

References

CVE
CVE-2023-3604

Miscellaneous

Original Researcher
Muhamad Arsyad
Submitter
Muhamad Arsyad
Verified
Yes
WPVDB ID
8f6615e8-f607-4ce4-a0e0-d5fc841ead16

Timeline

Publicly Published
2023-07-27 (about 2 years ago)
Added
2023-07-27 (about 2 years ago)
Last Updated
2023-07-27 (about 2 years ago)

Other

Published
Title
Published
2024-05-28
Title
Login with phone number < 1.7.27 - Authentication Bypass due to Missing Empty Value Check
Published
2022-01-31
Title
Blackhole for Bad Bots < 3.3.2 - Arbitrary IP Address Blocking via IP Spoofing
Published
2015-06-26
Title
Multiple Themes - Privilige Escalation
Published
2016-04-21
Title
iThemes Security <= 5.3.0 - Insecure Backup/Logfile Generation
Published
2020-10-02
Title
WordPress + Microsoft Office 365 < 11.7 - JWT Signature Verification Bypass