CVE-2021-24658
N/A
N/A
Summary
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Libin V Babu | Erident Custom Login and Dashboard | 3.5.9 < 3.5.9 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8
- https://plugins.trac.wordpress.org/changeset/2507516
References
- https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8
- https://plugins.trac.wordpress.org/changeset/2507516
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.