3 matches found
CVE-2021-24939
The LoginWP Formerly Peter's Login Redirect WordPress plugin before 3.0.0.5 does not sanitise and escape the rulloginurl and rullogouturl parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24939 LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting
The LoginWP Formerly Peter's Login Redirect WordPress plugin before 3.0.0.5 does not sanitise and escape the rulloginurl and rullogouturl parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24939
The CVE concerns the WordPress plugin LoginWP (formerly Peter’s Login Redirect) prior to version 3.0.0.5. It fails to sanitize/escape the rul_login_url and rul_logout_url parameters before echoing them into admin-page attributes, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. ...