The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress contains a CSRF vulnerability due to improper nonce validation in the 'custom_plugin_set_option' function. This flaw allows unauthenticated attackers to perform unauthorized changes to site options by leveraging an administrator's interaction with a crafted request. Specifically, attackers can modify the default registration role to administrator and enable user registration, potentially gaining administrative access. Exploitation is conditional on the 'WPBRIGADE_SDK__DEV_MODE' constant being true. The vulnerability affects all plugin versions up to and including 3.3.1. There is no vendor-provided patch or advisory linked at this time.

Successful exploitation can lead to full administrative compromise of the affected WordPress site by enabling attacker-controlled user registration with administrator privileges. This impacts confidentiality, integrity, and availability of the site. However, exploitation requires tricking an administrator into performing an action (UI interaction) and the presence of the 'WPBRIGADE_SDK__DEV_MODE' set to true, which may limit exposure. No known exploits in the wild have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, administrators should verify that the 'WPBRIGADE_SDK__DEV_MODE' constant is not set to true in their environment, as this setting is required for exploitation. Additionally, administrators should exercise caution with unsolicited links and consider restricting administrative access or disabling user registration if not needed.