admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-1589.md

19 lines
964 B
Markdown
Raw Permalink Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-1589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1589)
![](https://img.shields.io/static/v1?label=Product&message=Change%20wp-admin%20login&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.1.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)
### Description
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
### POC
#### Reference
- https://wpscan.com/vulnerability/257f9e14-4f43-4852-8384-80c15d087633
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink