← voltar
CVE-2021-24658

Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)

EPSS 0.7%CWE-79
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
Produtos afetados
Libin V Babu · Erident Custom Login and Dashboard

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://plugins.trac.wordpress.org/changeset/2507516https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8