We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-3604

Change WP Admin < 1.1.4 - Secret Login Page Disclosure



AssignerWPScan
Reserved2023-07-10
Published2023-08-21
Updated2024-10-02

Description

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.

Problem types

CWE-203 Information Exposure Through Discrepancy

Product status

Default status
unaffected

Any version before 1.1.4
affected

Credits

Muhamad Arsyad 0x4005b7fdc0

WPScan 0x4005b7fdd0

References

https://wpscan.com/vulnerability/8f6615e8-f607-4ce4-a0e0-d5fc841ead16 exploit vdb-entry technical-description

cve.org CVE-2023-3604

nvd.nist.gov CVE-2023-3604

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.