Unrated severityNVD Advisory· Published Jun 1, 2021· Updated Aug 3, 2024

WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

CVE-2021-24328

Description

The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well

Affected products

Unknown/Wp Login Security And Historyv5
Range: 1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.htmlmitrex_refsource_MISC
m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txtmitrex_refsource_MISC
m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txtmitrex_refsource_MISC
wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4acemitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000