Lucene search
+L

45 matches found

Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.7 views

CVE-2022-4838 Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

6.1AI score0.00573EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.75 views

CVE-2022-4838

The CVE-2022-4838 entry concerns the WordPress plugin Clean Login before 1.13.7. The issue is a Stored XSS via shortcode attributes: the plugin does not validate and escape certain shortcode attributes before output, enabling a low-privilege user (as low as Contributor) to inject scripts that cou...

5.4CVSS5.3AI score0.00573EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.7 views

WordPress plugin Clean Login 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4CVSS5.4AI score0.00573EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/01/10 12:0 a.m.21 views

Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note: 1...

5.4CVSS1.5AI score0.00573EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2023/01/10 12:0 a.m.13 views

WordPress Clean Login Plugin < 1.13.7 is vulnerable to Cross Site Scripting (XSS)

Software Clean Login Type Plugin Vulnerable versions 1.13.7 Fixed in 1.13.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4838 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 22741728df39 Credits Lana Codes Required...

5.4CVSS5.9AI score0.00573EPSS
Exploits2References4Affected Software1
wpexploit
wpexploit
added 2023/01/10 12:0 a.m.87 views

Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: 1. Firs...

5.4CVSS0.6AI score0.00573EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.24 views

Clean Login 1.12.6.3 - Reflected Cross-Site Scripting

The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue PoC Append the following payload on a page where the clean-login shortcode is embed: ?url=" Example: https://example.com/clean-login/?url="...

6.5AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2021/08/09 12:0 a.m.6 views

WordPress Clean Login plugin <= 1.12.6.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Clean Login plugin versions = 1.12.6.3. Solution Update the WordPress Clean Login plugin to the latest available version at least 1.12.6.4...

2.4AI score
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2021/08/09 12:0 a.m.684 views

Clean Login 1.12.6.3 - Reflected Cross-Site Scripting

The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue Append the following payload on a page where the clean-login shortcode is embed: ?url="alert/XSS/ Example: https://example.com/clean-login/?url="alert/XSS/...

0.5AI score
Exploits0
CNVD
CNVD
added 2019/08/28 12:0 a.m.6 views

WordPress clean-login plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. clean-login is a front-end login and registration plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References1
Prion
Prion
added 2019/08/22 1:15 p.m.11 views

Cross site scripting

The clean-login plugin before 1.5.1 for WordPress has reflected XSS...

4.3CVSS7.2AI score0.00923EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/22 12:20 p.m.51 views

CVE-2015-9336

The CVE-2015-9336 entry concerns the WordPress plugin clean-login, prior to version 1.5.1, which has a reflected XSS vulnerability. Affected component: clean-login plugin for WordPress. Root cause: input reflected in the response without proper sanitization (XSS). Practical impact: potential exec...

6.1CVSS6.4AI score0.00923EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 12:20 p.m.16 views

CVE-2015-9336

The clean-login plugin before 1.5.1 for WordPress has reflected XSS...

6.4AI score0.00923EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/12 12:0 a.m.1 views

Wordpress plugin Clean Login cross-site request forgery vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the Wordpress plugin Clean Login, which can be exploited by attackers to...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2017/05/11 12:0 a.m.8 views

WordPress Booking Calendar Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Booking Calendar is one of the appointment calendar plugins. A cross-site request forgery vulnerability exists in the Clean Login plugin for WordPress...

6.5CVSS6.7AI score0.00618EPSS
Exploits2References1
OSV
OSV
added 2017/05/10 5:29 a.m.7 views

CVE-2017-8875

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...

6.5CVSS5.8AI score0.00618EPSS
Exploits2References2
NVD
NVD
added 2017/05/10 5:29 a.m.15 views

CVE-2017-8875

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...

6.5CVSS6.6AI score0.00618EPSS
Exploits2References2
Prion
Prion
added 2017/05/10 5:29 a.m.17 views

Cross site request forgery (csrf)

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...

4.3CVSS6.6AI score0.00618EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2017/05/10 5:14 a.m.23 views

CVE-2017-8875

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...

6.6AI score0.00618EPSS
Exploits2References2
CVE
CVE
added 2017/05/10 5:14 a.m.48 views

CVE-2017-8875

The CVE-2017-8875 entry concerns the Clean Login plugin for WordPress prior to version 1.8. An explicit CSRF vulnerability allows remote attackers to modify the login/logout redirect URLs. The issue targets the plugin’s CSRF protection around the redirect URL settings (as evidenced by PoC in WPEX...

6.5CVSS6.6AI score0.00618EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder