RSS   Vulnerabilities for 'Loginwp'   RSS

2021-12-06
 
CVE-2021-24939

CWE-79
 

 
The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue

 

 >>> Vendor: Profilepress 4 Products
Wp-user-avatar
Profilepress
Loginwp
User registration\, login form\, user profile \& membership


Copyright 2024, cxsecurity.com

 

Back to Top