5 matches found
CVE-2023-4549
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form...
WordPress DoLogin Security Plugin < 3.7 is vulnerable to Cross Site Scripting (XSS)
Software DoLogin Security Type Plugin Vulnerable versions 3.7 Fixed in 3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4549 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ea7d8ad59ce2 Credits Bartlomiej Marek and...
CVE-2023-4549
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form...
CVE-2023-4549
CVE-2023-4549 concerns the DoLogin Security WordPress plugin, affected versions prior to 3.7. The vulnerability stems from improper sanitization of IPs from the X-Forwarded-For header, enabling a stored Cross-Site Scripting (XSS) attack through WordPress’ login form. Public references in the prov...
CVE-2023-4549 DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form...