Change WP URL WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Change WP URL plugin for WordPress, affecting all versions through 1.0. The issue arises from inadequate nonce validation on the 'change-wp-url' page, allowing unauthenticated attackers to alter the WP Login URL by sending a forged request, provided they can persuade a site administrator to click a link.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the WP Login URL, potentially causing confusion or access issues for users.

Added: Jan 28, 2026, 12:19 PM

Updated: Jan 28, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.9

remediation

0.0

relevance

2.4

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.9

remediation

0.0

relevance

2.4

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Change WP URL WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating