Protect WP Admin < 4.0 – Unauthenticated Protection Bypass | CVE 2023-3139 | Plugin Vulnerabilities

Description

The plugin discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.

Proof of Concept

- Set custom path via setting (for example "secretlogin")
- As unauthenticated, open https://example.com/wp-login.php?action=lostpassword&error=invalidkey in a different browser
- It will redirects to the script admin panel URL: https://example.com/secretlogin/?action=lostpassword&error=invalidkey

Affects Plugins

protect-wp-admin

Fixed in 4.0

References

CVE

URL

https://magos-securitas.com/txt/CVE-2023-3139.txt

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://magos-securitas.com

Verified

Yes

WPVDB ID

f8a29aee-19cd-4e62-b829-afc9107f69bd

Timeline

Publicly Published

2023-06-12 (about 2 years ago)

Added

2023-06-12 (about 2 years ago)

Last Updated

2023-06-12 (about 2 years ago)

Other

Published

Title

Published

2017-03-03

Title

Adminer <= 1.4.5 - Security Bypass

Published

2020-02-25

Title

Pricing Table by Supsystic < 1.8.2 - Insecure Permissions on AJAX Actions

Published

2015-06-10

Title

Paypal Currencucy Converter Basic For Woocommerce <= 1.3 - File Read

Published

2014-08-01

Title

blogVault 1.08 - Missing Account Empty Secret Key Generation

Published

2016-02-08

Title

WooCommerce - Store Toolkit Plugin <= 1.5.6 - Privilege Escalation