3 matches found
CVE-2021-24658
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiletedhtml is disabled...
CVE-2021-24658
The CVE-2021-24658 entry concerns the WordPress plugin Erident Custom Login and Dashboard (before 3.5.9). The vulnerability arises from improper sanitisation of the plugin’s settings, enabling authenticated stored XSS by high-privilege users, even when the unfiled_html setting is disabled. Docume...
CVE-2021-24658 Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiletedhtml is disabled...