Lucene search
HistoryAug 21, 2023 - 5:15 p.m.
CVE-2023-3604
cve-2023-3604
change wp admin login
wordpress plugin
url disclosure
hidden login page
bypassing protection
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.1%
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.
Affected configurations
Node
change_wp-admin_login_projectchange_wp-admin_loginRange<1.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| change_wp\-admin_login_project | change_wp\-admin_login | * | cpe:2.3:a:change_wp\-admin_login_project:change_wp\-admin_login:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Change WP Admin Login",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.1.4"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Change WP Admin < 1.1.4 - Secret Login Page Disclosure
2023-07-27 00:00:00
cvelist
cvelist
CVE-2023-3604 Change WP Admin < 1.1.4 - Secret Login Page Disclosure
2023-08-21 12:29:51
nvd
nvd
CVE-2023-3604
2023-08-21 17:15:49
prion
prion
Design/Logic Flaw
2023-08-21 17:15:00
wpexploit
wpexploit
Change WP Admin < 1.1.4 - Secret Login Page Disclosure
2023-07-27 00:00:00
wordfence
wordfence
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.1%
Related for CVE-2023-3604