Protect WP Admin < 4.0 – Unauthenticated Protection Bypass | CVE 2023-3139 | Plugin Vulnerabilities

Description

The plugin discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.

Proof of Concept

- Set custom path via setting (for example "secretlogin")
- As unauthenticated, open https://example.com/wp-login.php?action=lostpassword&error=invalidkey in a different browser
- It will redirects to the script admin panel URL: https://example.com/secretlogin/?action=lostpassword&error=invalidkey

Affects Plugins

protect-wp-admin

Fixed in 4.0

References

CVE

URL

https://magos-securitas.com/txt/CVE-2023-3139.txt

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://magos-securitas.com

Verified

Yes

WPVDB ID

f8a29aee-19cd-4e62-b829-afc9107f69bd

Timeline

Publicly Published

2023-06-12 (about 11 months ago)

Added

2023-06-12 (about 11 months ago)

Last Updated

2023-06-12 (about 11 months ago)

Other

Published

Title

Published

2022-09-26

Title

Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass

Published

2023-09-29

Title

WP Captcha <= 2.0.0 - Captcha Bypass

Published

2019-09-18

Title

Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export

Published

2020-02-29

Title

Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV

Published

2022-08-17

Title

Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing