← volver
CVE-2021-24658

Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)

EPSS 0.7%CWE-79
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
Productos afectados
Libin V Babu · Erident Custom Login and Dashboard

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset/2507516https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8