The Custom Login Redirect WordPress plugin through 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e1ca9978-a44d-4717-b963-acaf56258fc9 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-08-16 11:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-24536
Mitre link : CVE-2021-24536
CVE.ORG link : CVE-2021-24536
JSON object : View
Products Affected
custom_login_redirect_project
- custom_login_redirect