Unrated severityNVD Advisory· Published Nov 7, 2022· Updated May 1, 2025
WP Hide <= 0.0.2 - Unauthenticated Settings Update
CVE-2022-3489
Description
The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=0.0.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.