CVE-2022-3489

Published: Nov 7, 2022

Modified: May 1, 2025

PUBLISHED

Description

The WP Hide WordPress plugin through 0.0.2 does not have authorisation and CSRF checks in place when updating the custom_wpadmin_slug settings, allowing unauthenticated attackers to update it with a crafted request

Vendor	Product	Versions
Unknown	Wp-Hide	affected `0.0.2 - <= 0.0.2`

Weaknesses (CWE)

CWE-862

CWE-352

References

https://wpscan.com/vulnerability/36d78b6c-0da5-44f8-b7b3-eae78edac505

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-3489

Description

Affected Products

Weaknesses (CWE)

References