Security Advisory

CVE-2022-3489

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-07 00:00:00

Last updated 2025-05-01 19:28:00

Assigner WPScan

State PUBLISHED

Description

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request

← Browse all CVEs View on cve.org ↗