PT-2022-22419 · WordPress · Wp Hide

Daniel Ruf · Published 2022-11-07 · Updated 2023-07-21 · CVE-2022-3489

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP Hide WordPress plugin versions 0.0.0 through 0.0.2

Description

The issue concerns a lack of authorization and CSRF checks when updating the custom wpadmin slug settings. This allows unauthenticated attackers to update the settings with a crafted request.

Recommendations

For WP Hide WordPress plugin versions 0.0.0 through 0.0.2, consider disabling the update functionality for custom wpadmin slug settings until a patch is available. Restrict access to the settings update endpoint to minimize the risk of exploitation. Avoid using the custom wpadmin slug settings update feature in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authorization

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-3489

Affected Products

Wp Hide