Vulnerability CVE-2023-4549
Published: 2023-09-25

Description:
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://wpscan.com/vulnerability/8aebead0-0eab-4d4e-8ceb-8fea0760374f
Copyright 2026, cxsecurity.com

 

Back to Top