CVE-2022-1594: 
WordPress vulnerability analysis and mitigation

The HC Custom WP-Admin URL WordPress plugin version 1.4 and below contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2022-1594. The vulnerability was discovered by Daniel Ruf and publicly disclosed on May 18, 2022. The plugin lacks proper CSRF checks in certain areas, which affects the security of WordPress installations using this plugin (WPScan).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue with a CVSS score of 5.4 (medium severity). It is categorized under CWE-352 and maps to OWASP Top 10 category A2: Broken Authentication and Session Management. The technical issue stems from the absence of CSRF protection mechanisms in specific plugin functionalities, which can be exploited using simple HTML form submissions (WPScan).

The vulnerability allows attackers to make logged-in users perform unwanted actions through CSRF attacks. This could lead to unauthorized changes in plugin settings and potentially affect the WordPress installation's security configuration (WPScan).

As of the last update, there is no known fix available for this vulnerability. Users of the HC Custom WP-Admin URL plugin should consider implementing additional security measures or using alternative plugins until a patch is released (WPScan).