3 matches found
CVE-2022-1732
The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2021-25102
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirectto parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redire...
PT-2021-16880 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr versions 3.3.beta1 20121221 through 13.0.2 Description: The issue allows admin level users to change other user's details but fails to validate already existing Login name, while renaming the user Login. This leads to complete accoun...