CVE-2021-24658 Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)

2021-08-2311:10:20

CWE-79

WPScan

www.cve.org

cve-2021-24658

authenticated stored cross-site scripting

wordpress

EPSS

0.001

Percentile

21.4%

JSON

The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)

CNA Affected

[
  {
    "product": "Erident Custom Login and Dashboard",
    "vendor": "Libin V Babu",
    "versions": [
      {
        "lessThan": "3.5.9",
        "status": "affected",
        "version": "3.5.9",
        "versionType": "custom"
      }
    ]
  }
]

References

plugins.trac.wordpress.org/changeset/2507516

wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8

EPSS

0.001

Percentile

21.4%

JSON

Related for CVELIST:CVE-2021-24658