3 matches found
WordPress Customize Login Image <3.5.3 - Cross-Site Scripting
WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-33851 info: name: WordPress Customi...
CVE-2021-33851
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...
CVE-2021-33851
Product/Component: WordPress Customize Login Image plugin (pre-3.5.3)\n\nVulnerability: Stored Cross-Site Scripting (XSS) via the custom logo link on the Settings page. The XSS payload can execute in the victim’s browser and, per sources, may enable theft of cookie-based credentials and further a...