CVE-2023-3604
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Aug 21, 2023
Updated: Nov 7, 2023
CWE ID 20
Summary
CVE-2023-3604 is a vulnerability affecting the Change WP Admin Login plugin for WordPress. Prior to version 1.1.4, this plugin inadvertently disclosed the URL of the hidden login page when accessing a specially crafted link. This revelation bypasses the security measures intended to conceal the login page from unauthorized users. Thus, potential attackers can easily gain access to the WordPress admin area, potentially leading to data theft or further system compromise.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Microsoft .NET Framework
- Microsoft Visual Studio 2022
Affected Vendors
- Microsoft