20 matches found
CVE-2023-5243
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-47182
Cross-Site Request Forgery CSRF leading to a Stored Cross-Site Scripting XSS vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin = 3.5.2 versions...
Login Screen Manager <= 3.5.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-47182
Cross-Site Request Forgery CSRF leading to a Stored Cross-Site Scripting XSS vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin = 3.5.2 versions...
CVE-2023-47182
Cross-Site Request Forgery CSRF leading to a Stored Cross-Site Scripting XSS vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin = 3.5.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF leading to a Stored Cross-Site Scripting XSS vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin = 3.5.2 versions...
CVE-2023-47182 WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)
Cross-Site Request Forgery CSRF leading to a Stored Cross-Site Scripting XSS vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin = 3.5.2 versions...
CVE-2023-47182
CVE-2023-47182 affects the WordPress plugin “Nazmul Hossain Nihal Login Screen Manager” ≤ 3.5.2. The root issue is a CSRF vulnerability that enables a Stored XSS payload when a logged-in admin is targeted, due to missing CSRF checks and insufficient sanitisation/escaping in some code paths. Repor...
PT-2023-30349 · WordPress · Nazmul Hossain Nihal Login Screen Manager
Name of the Vulnerable Software and Affected Versions: Nazmul Hossain Nihal Login Screen Manager plugin versions = 3.5.2 Description: The issue is related to a Cross-Site Request Forgery CSRF that leads to a Stored Cross-Site Scripting XSS vulnerability. This allows an attacker to perform...
WordPress Plugin Login Screen Manager Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
CVE-2023-5243
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5243 Login screen manager <= 3.5.2 - Admin+ Stored XSS
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5243 Login screen manager <= 3.5.2 - Admin+ Stored XSS
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-5243
CVE-2023-5243 affects the Login Screen Manager WordPress plugin (versions up to 3.5.2). The root cause is improper sanitization/escapement of certain settings, enabling Stored XSS by high-privilege users (e.g., Admin) even with unfiltered_html disallowed. Documented impact includes stored XSS on ...
WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)
Software Login Screen Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5243 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7d813a002456 Credits Nano Required privile...
WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)
Software Login Screen Manager Type Plugin Vulnerable versions = 3.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47182 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 33ab93e220c0 Credits Nano Required privilege...
WordPress Plugin Login Screen Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Login screen manager <= 3.5.2 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Put the following payload in the "Hov...
Login screen manager <= 3.5.2 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the...