CVE-2023-3139: 
WordPress vulnerability analysis and mitigation

The Protect WP Admin WordPress plugin before version 4.0 contains a security vulnerability identified as CVE-2023-3139. The vulnerability was discovered and publicly disclosed on June 12, 2023, by security researcher Daniel Ruf. This vulnerability affects the plugin's protection mechanism for the WordPress admin panel, where the actual URL of the admin panel can be disclosed through a crafted URL redirection (WPScan).

The vulnerability is classified as an URL Redirection to Untrusted Site (CWE-601) with a CVSS v3.1 base score of 6.1 (Medium). The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requires no privileges (PR:N), and needs user interaction (UI:R). The scope is changed (S:C) with low confidentiality and integrity impact (C:L, I:L) and no availability impact (A:N) (NVD).

When successfully exploited, this vulnerability allows unauthenticated attackers to bypass the protection mechanism and discover the custom admin panel URL. This exposure could potentially lead to unauthorized access attempts and compromise the security measures put in place to protect the WordPress admin interface (WPScan).

The vulnerability has been fixed in version 4.0 of the Protect WP Admin plugin. Users are strongly advised to update to this version or later to prevent potential exploitation (WPScan).