vulnerability
WordPress Plugin: change-wp-admin-login: CVE-2022-1589: Incorrect Authorization
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | May 9, 2022 | May 15, 2025 | May 15, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
May 9, 2022
Added
May 15, 2025
Modified
May 15, 2025
Description
The Change WP Admin Login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
Solution
change-wp-admin-login-plugin-cve-2022-1589

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.