VYPR
Unrated severityNVD Advisory· Published May 30, 2022· Updated Aug 3, 2024

Change wp-admin Login < 1.1.0 - Unauthenticated Arbitrary Settings Update

CVE-2022-1589

Description

The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.