Mp Customize Login Page
Monthly
Cross-Site Request Forgery in the MP Customize Login Page WordPress plugin (all versions ≤ 1.0) enables unauthenticated remote attackers to overwrite login page settings - background, logo URL, image dimensions, button colors, and login message - by tricking a logged-in administrator into submitting a crafted request. The root cause is a doubly defective nonce implementation in enter_mpclp_login_options(): the check is logically inverted (blocking valid nonces while passing invalid ones) and the required action parameter is omitted from wp_verify_nonce(), rendering the entire check dead code. Compounding this, the settings handler is registered on the init hook without any capability gate, so no privilege level is required from the attacker. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV.
Cross-Site Request Forgery in the MP Customize Login Page WordPress plugin (all versions ≤ 1.0) enables unauthenticated remote attackers to overwrite login page settings - background, logo URL, image dimensions, button colors, and login message - by tricking a logged-in administrator into submitting a crafted request. The root cause is a doubly defective nonce implementation in enter_mpclp_login_options(): the check is logically inverted (blocking valid nonces while passing invalid ones) and the required action parameter is omitted from wp_verify_nonce(), rendering the entire check dead code. Compounding this, the settings handler is registered on the init hook without any capability gate, so no privilege level is required from the attacker. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV.