The Custom Login Redirect WordPress plugin through 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e1ca9978-a44d-4717-b963-acaf56258fc9 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/e1ca9978-a44d-4717-b963-acaf56258fc9 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/e1ca9978-a44d-4717-b963-acaf56258fc9 - Exploit, Third Party Advisory |
Information
Published : 2021-08-16 11:15
Updated : 2024-11-21 05:53
NVD link : CVE-2021-24536
Mitre link : CVE-2021-24536
CVE.ORG link : CVE-2021-24536
JSON object : View
Products Affected
custom_login_redirect_project
- custom_login_redirect