PT-2026-5097 · WordPress · Change Wp Url
Ibnu +1 · Published 2026-01-28 · Updated 2026-01-28
CVE-2026-1398
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Change WP URL plugin for WordPress versions prior to 1.1
Description
The Change WP URL plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) in versions up to and including 1.0. This is a result of inadequate or absent nonce validation on the 'change-wp-url' page. An unauthenticated attacker could potentially modify the WordPress Login URL by forging a request, provided they can deceive a site administrator into performing an action, such as clicking a malicious link.
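The weakness class described above (a request handler that changes settings without verifying a nonce) can be audited for in plugin source. The following is an added example, not code from the plugin or from this advisory: a heuristic Python check that flags PHP functions which write WordPress options from request input without calling a nonce verification function. The sample PHP, its function names and its option names are constructed for illustration and are not the plugin's real code.

```python
import re

# Constructed sample source: two hypothetical settings handlers, NOT the plugin's real code.
SAMPLE_PHP = r'''
<?php
function demo_save_login_url_unsafe() {
    if ( isset( $_POST['new_login_slug'] ) ) {
        update_option( 'demo_login_slug', sanitize_title( $_POST['new_login_slug'] ) );
    }
}

function demo_save_login_url_checked() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden' );
    }
    check_admin_referer( 'demo_change_login_url' );
    if ( isset( $_POST['new_login_slug'] ) ) {
        update_option( 'demo_login_slug', sanitize_title( $_POST['new_login_slug'] ) );
    }
}
'''

REQUEST_INPUT = re.compile(r'\$_(POST|GET|REQUEST)\b')
STATE_CHANGE = re.compile(r'\b(update_option|add_option|delete_option|update_site_option)\s*\(')
NONCE_CHECK = re.compile(r'\b(check_admin_referer|check_ajax_referer|wp_verify_nonce)\s*\(')
FUNC_HEAD = re.compile(r'\bfunction\s+(\w+)\s*\([^)]*\)\s*\{')

def function_bodies(src):
    """Yield (name, body) for each PHP function, using simple brace matching.
    Heuristic: braces inside string literals or comments are not handled."""
    for m in FUNC_HEAD.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {'{': 1, '}': -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def handlers_missing_nonce(src):
    """Names of functions that write options from request input without a nonce check."""
    return [name for name, body in function_bodies(src)
            if REQUEST_INPUT.search(body) and STATE_CHANGE.search(body)
            and not NONCE_CHECK.search(body)]

if __name__ == '__main__':
    for name in handlers_missing_nonce(SAMPLE_PHP):
        print('no nonce verification before state change:', name)
```

A hit is a lead for manual review, not proof of a flaw: the nonce may be verified in a caller or hook outside the flagged function.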
Recommendations
Update the Change WP URL plugin to version 1.1 or later.
Fix
CSRF
Affected Products
Change Wp Url