CVE-2023-3139
Published: 2023-07-04
CVE-2023-3139: The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
Priority: P180 (medium)
CVSS 3.1: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
ITW / Exploit: VulnCheck KEV, exploited in the wild
EPSS: 0.73% (49.5th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wp-experts | protect_wp_admin | < 4.0 | 4.0 |
Detection & IOCs (extracted from sources)
- Exploitation confirmed by a GET to /wp-login.php?action=lostpassword&error=invalidkey returning HTTP 301 with a Location header containing '?action=lostpassword&error=invalidkey', leaking the protected admin panel URL.
- The redirect Location header reveals the hidden admin panel URL; extract it with the regex 'Location:([ a-z:/0-9.?=&]+)'.
- Use Shodan/FOFA/PublicWWW to enumerate exposed instances via the plugin path in the HTML body.
- The bypass requires only a single unauthenticated GET request (max-request: 1 for the exploit step); no authentication or special headers are needed.
- The vulnerability is fixed in plugin version 4.0 and later; versions strictly below 4.0 are affected.
CVSS provenance
- nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- vulncheck: 6.1 MEDIUM
GHSA
GHSA-xr6q-qcgj-7prg (ghsa_unreviewed · 2023-07-04) · CVE-2023-3139 [MEDIUM] · CWE-200
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
VulnCheck
wp-experts protect_wp_admin URL Redirection to Untrusted Site ('Open Redirect') (vulncheck · 2023 · CVSS 6.1) · CVE-2023-3139 [MEDIUM]
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.
Affected: wp-experts protect_wp_admin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/protect-wp-admin/wordpress-protect-wp-admin-plugin-4-0-unauthenticated-protection-bypass-vulnerability
No detection rules found.
Nuclei
Protect WP Admin < 4.0 - Unauthenticated Protection Bypass (nuclei · CVSS 6.1) · CVE-2023-3139 [MEDIUM]
The Protect WP Admin WordPress plugin before version 4.0 disclosed the URL of the admin panel through the redirection of a crafted URL, bypassing the protection offered.
Template (info block as indexed; the request section is not included on this page):

```yaml
id: CVE-2023-3139

info:
  name: Protect WP Admin < 4.0 - Unauthenticated Protection Bypass
  author: popcorn94
  severity: medium
  description: |
    The Protect WP Admin WordPress plugin before version 4.0 disclosed the URL of the admin panel through the redirection of a crafted URL, bypassing the protection offered.
  impact: |
    Unauthenticated attackers can exploit URL redirection to discover the protected admin panel URL and bypass the protection mechanism offered by the plugin.
  remediation: Fixed in 4.0 or later
  reference:
    - https://wpscan.com/vulnerability/f8
```
No writeups or analysis indexed.
Timeline
- 2023-07-04: Published
- Exploited in the wild