EUVD-2026-4894
The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...
CVE-2026-1398 Change WP URL <= 1.0 - Cross-Site Request Forgery to Settings Update
The Change WP URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'change-wp-url' page. This makes it possible for unauthenticated attackers to change the WP Login URL via a...
CVE-2026-24578
CVE-2026-24578 is a Missing Authorization (Broken Access Control) issue in the WordPress plugin Admin login URL Change. Affected versions 1.1.5 or apply vendor-provided fixes as they become available. Monitor advisories (e.g., Patchstack, CVE listings, PT Security writeups) for any updated impac...
EUVD-2022-24883
Malicious code in bioql PyPI...
CVE-2022-1594
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL...