CVE-2023-4549

Summary

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

Affected Software

VendorProductVersion RangeStatus
UnknownDoLogin Security0 < 3.7affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References