Vulnerability CVE-2022-3489


Published: 2022-11-07

Description:
The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

 References:
https://wpscan.com/vulnerability/36d78b6c-0da5-44f8-b7b3-eae78edac505

Copyright 2026, cxsecurity.com

 

Back to Top