VYPR
Medium severity5.4NVD Advisory· Published Mar 10, 2022· Updated Jun 17, 2026

CVE-2021-33851

CVE-2021-33851

Description

A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.