7.5
CVE-2023-3604
- EPSS 0.69%
- Veröffentlicht 21.08.2023 17:15:49
- Zuletzt bearbeitet 16.01.2026 17:20:15
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginChange WP Admin < 1.1.4 - Secret Login Page Disclosure
Change WP Admin Login <= 1.1.3 - Protection Mechanism Failure to Login Page Disclosure
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.
Mögliche Gegenmaßnahme
All In One Login — Login Page Security and Customization for WordPress with Google reCAPTCHA, Social Login, Temporary Login, 2FA, and more.: Update to version 1.1.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpexperts ≫ All In One Login SwPlatformwordpress Version < 1.1.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
All In One Login — Login Page Security and Customization for WordPress with Google reCAPTCHA, Social Login, Temporary Login, 2FA, and more.
Version
*-1.1.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.69% | 0.48 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
https://wpscan.com/vulnerability/8f6615e8-f607-4ce4-a0e0-d5fc841ead16
https://www.wordfence.com/threat-intel/vulnerabilities/id/9410b5b8-1bb2-42d7-8d4d-721131d392e3