← volver
CVE-2023-4549

DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting

EPSS 0.6%
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.
Productos afectados
Unknown · DoLogin Security

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/8aebead0-0eab-4d4e-8ceb-8fea0760374f