Unrated severityNVD Advisory· Published Sep 25, 2023· Updated Aug 2, 2024

DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting

CVE-2023-4549

Description

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/DoLogin Security plugindescription
WPDO/DoLogin Securityllm-fuzzy
Range: <3.7

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/8aebead0-0eab-4d4e-8ceb-8fea0760374fmitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000