The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting...
6.1CVSS
6AI Score
0.001EPSS
The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect...
6.1CVSS
6.1AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS