2 matches found
CVE-2022-1595
CVE-2022-1595 affects the WordPress HC Custom WP-Admin URL plugin up to version 1.4. The issue is unauthenticated information disclosure: a crafted request leaks the secret admin login URL, enabling potential brute‑force targeting of the admin panel. Affected: HC Custom WP-Admin URL WordPress plu...
CVE-2022-1594
CVE-2022-1594 concerns the WordPress plugin HC Custom WP-Admin URL (versions ≤ 1.4). The vulnerability is a lack of CSRF protection when updating settings, enabling a logged-in administrator to be coerced into changing the login URL via a CSRF attack. Impact aligns with Arbitrary Settings Update ...