2 matches found
CVE-2022-1589
CVE-2022-1589 affects the WordPress plugin “Change wp-admin login” prior to version 1.1.0. The issue arises from insufficient authorization checks and missing CSRF protection when updating settings, enabling unauthenticated users to modify settings via CSRF vectors. Documented impact is unauthent...
CVE-2022-1589 Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector...