Lucene search
Muhamad ArsyadWPVDB-ID:8F6615E8-F607-4CE4-A0E0-D5FC841EAD16HistoryJul 27, 2023 - 12:00 a.m.
Change WP Admin < 1.1.4 - Secret Login Page Disclosure
2023-07-2700:00:00
Muhamad Arsyad
wpscan.com
2
wp admin
secret login
page disclosure
plugin
url
bypassing protection
Description The plugin discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.
PoC
- Set custom Login URL under “Settings > Permalinks”. For example, login - As an unauthenticated visitor, open https://example.com/wp-admin/customize.php in a different browser - It will redirect to the login page: https://example.com/login/?redirect_to=https%3A%2F%2Fexample.com%2Fwp-admin%2Fcustomize.php&reauth;=1
| CPE | Name | Operator | Version |
|---|---|---|---|
| change-wp-admin-login | eq | 1.1.4 |
Related
prion
prion
Design/Logic Flaw
2023-08-21 17:15:00
cvelist
cvelist
CVE-2023-3604 Change WP Admin < 1.1.4 - Secret Login Page Disclosure
2023-08-21 12:29:51
nvd
nvd
CVE-2023-3604
2023-08-21 17:15:49
wpexploit
wpexploit
Change WP Admin < 1.1.4 - Secret Login Page Disclosure
2023-07-27 00:00:00
cve
cve
CVE-2023-3604
2023-08-21 17:15:49
wordfence
wordfence
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.1%
Related for WPVDB-ID:8F6615E8-F607-4CE4-A0E0-D5FC841EAD16