Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-95951
HistoryDec 09, 2021 - 12:00 a.m.

WordPress LoginWP plugin cross-site scripting vulnerability

2021-12-0900:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
wordpress
loginwp plugin
cross-site scripting
vulnerability
php
mysql
data validation
javascript
client side

EPSS

0.001

Percentile

43.7%

WordPress is the WordPress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress LoginWP plugin has a cross-site scripting vulnerability in versions prior to 3.0.0.5, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client side.

EPSS

0.001

Percentile

43.7%