Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
Description
The plugin discloses the URL of the hidden admin login panel through a redirect triggered by a crafted, unauthenticated request, which bypasses the protection it is meant to provide.
Proof of Concept
- Set a custom path via the plugin setting (for example "secretlogin").
- As an unauthenticated user, open https://example.com/wp-login.php?action=lostpassword&error=invalidkey in a different browser.
- It redirects to the protected admin panel URL: https://example.com/secretlogin/?action=lostpassword&error=invalidkey
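The redirect in the steps above is also what a defender can alert on: a 3xx answer to wp-login.php?action=lostpassword&error=... whose Location points at a non-default path. The following detection over access-log lines is an added example, not part of the advisory; the log lines are constructed, and the log layout (Apache combined format with the response Location header appended as a final quoted field) is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real traffic). Apache combined log format with the
# response Location header appended as a final quoted field; that layout is an
# assumption for this example.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jun/2023:10:00:01 +0000] "GET /wp-login.php?action=lostpassword&error=invalidkey HTTP/1.1" 302 0 "-" "curl/8.0" "https://example.com/secretlogin/?action=lostpassword&error=invalidkey"
203.0.113.5 - - [12/Jun/2023:10:00:02 +0000] "GET /secretlogin/?action=lostpassword&error=invalidkey HTTP/1.1" 200 4123 "-" "curl/8.0" "-"
198.51.100.7 - - [12/Jun/2023:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://example.com/"
198.51.100.7 - - [12/Jun/2023:10:02:00 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://example.com/"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<location>[^"]*)"$'
)

# Redirect destinations that reveal nothing: the stock login URL, the admin
# area, or the site root.
ORDINARY_PATHS = {"/", "/wp-login.php", "/wp-admin/"}

def leaked_login_path(line):
    """Return (client_ip, leaked_path) when `line` records the disclosure pattern:
    a 3xx answer to wp-login.php?action=lostpassword&error=... whose Location
    points at a non-default path. Return None for anything else."""
    m = LOG_RE.match(line)
    if not m or not m["status"].startswith("3"):
        return None
    target = urlsplit(m["target"])
    if target.path != "/wp-login.php":
        return None
    qs = parse_qs(target.query)
    if qs.get("action") != ["lostpassword"] or "error" not in qs:
        return None
    loc_path = urlsplit(m["location"]).path
    if not loc_path or loc_path in ORDINARY_PATHS:
        return None
    return m["ip"], loc_path

def scan(log_text):
    """Map each client IP that triggered the disclosure to the path it was shown."""
    hits = {}
    for line in log_text.splitlines():
        hit = leaked_login_path(line)
        if hit:
            hits.setdefault(hit[0], hit[1])
    return hits
```

On the sample above only the first line is flagged: the plain wp-login.php redirect and the lostpassword request without an error parameter are ordinary traffic, which keeps the rule from firing on every password-reset form load.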
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Verified
Yes
Timeline
Publicly Published
2023-06-12
Added
2023-06-12
Last Updated
2023-06-12