MidnightBSD

Advisories for change_wp-admin_login_project

CVE-2022-1589 MEDIUM

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-863,

Products Affected

Vendor Product Version
wpexperts all_in_one_login *
change_wp-admin_login_project change_wp-admin_login *