The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.CreditsMuhamad ArsyadWPScanReferenceshttps://wpscan.com/vulnerability/8f6615e8-f607-4ce4-a0e0-d5fc841ead16