PT-2022-13986 · WordPress · Change Wp-Admin Login Wordpress Plugin

Author: Daniel Ruf · Published: 2022-05-30 · Updated: 2023-07-04 · CVE-2022-1589

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: The Change wp-admin login WordPress plugin, versions prior to 1.1.0.
Description: The issue arises from the plugin's failure to properly check for authorization and its lack of a CSRF check when updating settings. This could allow unauthenticated users to change the settings, and the attack could also be performed via a CSRF vector.
Recommendations: For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.
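As an added illustration (not the plugin's own code, which this advisory does not reproduce), the missing-check pattern the description refers to is shown beside a hardened settings handler. Every function, option, hook and nonce name below is an assumed placeholder, not an identifier from the plugin.

```php
<?php
// Added illustrative example, not the plugin's code. cwal_*, the option
// 'cwal_login_slug' and the nonce action 'cwal_save' are constructed names.

// BEFORE (the weakness class described in the advisory): the update callback
// runs on a hook every visitor reaches, and it neither checks that the caller
// may manage options (authorization) nor verifies a nonce (CSRF). Any
// unauthenticated POST, or a forged request riding an admin's session,
// rewrites the setting.
function cwal_save_settings_vulnerable() {
    if ( isset( $_POST['cwal_login_slug'] ) ) {
        update_option( 'cwal_login_slug', sanitize_title( wp_unslash( $_POST['cwal_login_slug'] ) ) );
    }
}
add_action( 'init', 'cwal_save_settings_vulnerable' );

// AFTER: the same update guarded the way this weakness class is normally
// fixed: a capability check plus a nonce check, and the handler registered on
// admin_post_{action} so only a logged-in user can reach it at all.
function cwal_save_settings_fixed() {
    // Authorization: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'cwal' ), '', array( 'response' => 403 ) );
    }
    // CSRF: the form must carry a valid nonce issued for this exact action;
    // check_admin_referer() dies with a 403 if it is missing or invalid.
    check_admin_referer( 'cwal_save', 'cwal_nonce' );

    if ( isset( $_POST['cwal_login_slug'] ) ) {
        update_option( 'cwal_login_slug', sanitize_title( wp_unslash( $_POST['cwal_login_slug'] ) ) );
    }
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=cwal' ) ) );
    exit;
}
add_action( 'admin_post_cwal_save', 'cwal_save_settings_fixed' );

// The settings form that pairs with the fixed handler: wp_nonce_field() emits
// the hidden nonce input that check_admin_referer() later verifies.
function cwal_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="cwal_save">
        <?php wp_nonce_field( 'cwal_save', 'cwal_nonce' ); ?>
        <input type="text" name="cwal_login_slug"
               value="<?php echo esc_attr( get_option( 'cwal_login_slug', 'wp-admin' ) ); ?>">
        <?php submit_button( __( 'Save', 'cwal' ) ); ?>
    </form>
    <?php
}
```

Both checks are needed: the capability check alone still lets a forged request from an administrator's browser through, and the nonce alone does not stop a low-privileged logged-in user who can obtain one.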

Weakness Enumeration: Incorrect Authorization; CSRF

Related Identifiers: CVE-2022-1589

Affected Products: Change Wp-Admin Login Wordpress Plugin