WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request id: CVE-2022-1595 info: name: WordPress HC Custom WP-Admin URL =1.5 to mitigate the vulnerability. reference: -...

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL...

CVE-2022-1595

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...

CVE-2022-1595

CVE-2022-1595 affects the WordPress HC Custom WP-Admin URL plugin up to version 1.4. The issue is unauthenticated information disclosure: a crafted request leaks the secret admin login URL, enabling potential brute‑force targeting of the admin panel. Affected: HC Custom WP-Admin URL WordPress plu...

CVE-2022-1594

CVE-2022-1594 concerns the WordPress plugin HC Custom WP-Admin URL (versions ≤ 1.4). The vulnerability is a lack of CSRF protection when updating settings, enabling a logged-in administrator to be coerced into changing the login URL via a CSRF attack. Impact aligns with Arbitrary Settings Update ...

PT-2022-13992 · WordPress · Hc Custom Wp-Admin Url

Name of the Vulnerable Software and Affected Versions: HC Custom WP-Admin URL WordPress plugin versions 1.4 and earlier Description: The issue allows the secret login URL to be leaked when a specific crafted request is sent. Recommendations: For HC Custom WP-Admin URL WordPress plugin versions 1....

WordPress HC Custom WP-Admin URL plugin <= 1.4 - Unauthenticated Secret URL Disclosure vulnerability

Unauthenticated Secret URL Disclosure vulnerability discovered by Daniel Ruf in WordPress HC Custom WP-Admin URL plugin versions = 1.4. Solution Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress HC Custom WP-Admin URL plugin <= 1.4 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress HC Custom WP-Admin URL plugin versions = 1.4. Solution Deactivate and delete. This plugin has been closed as of May 5, 2022 and is not available for download. This closure is temporar...