CVE-2021-24214

Summary

The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.

Affected Software

VendorProductVersion RangeStatus
daggerhartOpenID Connect Generic Client3.8.0 < 3.8.0*affected
daggerhartOpenID Connect Generic Client3.8.2 < 3.8.2affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References