45 matches found
CVE-2022-4838 Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4838
The CVE-2022-4838 entry concerns the WordPress plugin Clean Login before 1.13.7. The issue is a Stored XSS via shortcode attributes: the plugin does not validate and escape certain shortcode attributes before output, enabling a low-privilege user (as low as Contributor) to inject scripts that cou...
WordPress plugin Clean Login 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note: 1...
WordPress Clean Login Plugin < 1.13.7 is vulnerable to Cross Site Scripting (XSS)
Software Clean Login Type Plugin Vulnerable versions 1.13.7 Fixed in 1.13.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4838 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 22741728df39 Credits Lana Codes Required...
Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Note: 1. Firs...
Clean Login 1.12.6.3 - Reflected Cross-Site Scripting
The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue PoC Append the following payload on a page where the clean-login shortcode is embed: ?url=" Example: https://example.com/clean-login/?url="...
WordPress Clean Login plugin <= 1.12.6.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Clean Login plugin versions = 1.12.6.3. Solution Update the WordPress Clean Login plugin to the latest available version at least 1.12.6.4...
Clean Login 1.12.6.3 - Reflected Cross-Site Scripting
The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue Append the following payload on a page where the clean-login shortcode is embed: ?url="alert/XSS/ Example: https://example.com/clean-login/?url="alert/XSS/...
WordPress clean-login plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. clean-login is a front-end login and registration plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
Cross site scripting
The clean-login plugin before 1.5.1 for WordPress has reflected XSS...
CVE-2015-9336
The CVE-2015-9336 entry concerns the WordPress plugin clean-login, prior to version 1.5.1, which has a reflected XSS vulnerability. Affected component: clean-login plugin for WordPress. Root cause: input reflected in the response without proper sanitization (XSS). Practical impact: potential exec...
CVE-2015-9336
The clean-login plugin before 1.5.1 for WordPress has reflected XSS...
Wordpress plugin Clean Login cross-site request forgery vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the Wordpress plugin Clean Login, which can be exploited by attackers to...
WordPress Booking Calendar Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Booking Calendar is one of the appointment calendar plugins. A cross-site request forgery vulnerability exists in the Clean Login plugin for WordPress...
CVE-2017-8875
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...
CVE-2017-8875
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...
Cross site request forgery (csrf)
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...
CVE-2017-8875
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL...
CVE-2017-8875
The CVE-2017-8875 entry concerns the Clean Login plugin for WordPress prior to version 1.8. An explicit CSRF vulnerability allows remote attackers to modify the login/logout redirect URLs. The issue targets the plugin’s CSRF protection around the redirect URL settings (as evidenced by PoC in WPEX...