← back
CVE-2021-24658

Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)

EPSS 0.7%CWE-79
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
Affected products
Libin V Babu · Erident Custom Login and Dashboard

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/changeset/2507516https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8