19 matches found
EUVD-2021-11570
Malware in sbrugna...
EUVD-2015-9162
Malware in sbrugna...
CVE-2021-24658
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html capability is disabled...
Design/Logic Flaw
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html capability is disabled...
CVE-2021-24658
The CVE-2021-24658 entry concerns the WordPress plugin Erident Custom Login and Dashboard (before 3.5.9). The vulnerability arises from improper sanitisation of the plugin’s settings, enabling authenticated stored XSS by high-privilege users, even when the unfiltered_html setting is disabled. Docume...
WordPress plugin Erident Custom Login and Dashboard Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...
WordPress Erident Custom Login and Dashboard plugin <= 3.5.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Erident Custom Login and Dashboard plugin versions <= 3.5.8. Solution: Update the WordPress Erident Custom Login and Dashboard plugin to the latest available version (at least 3.5.9)...
Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html capability is disabled. Use a payload such as a" in the plugin settings, for example, the Powered by Text input...
Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html capability is disabled. PoC: Use a payload such as a" in the plugin settings, for example, the Powered by Text input...
WordPress erident-custom-login-and-dashboard plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress erident-custom-login-and-dashboard plugin...
CVE-2015-9322
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF...
CVE-2015-9322
The CVE concerns the WordPress plugin erident-custom-login-and-dashboard (before version 3.5), where CSRF is reported. Multiple connected sources corroborate CSRF as the underlying issue (CVE entry, Red Hat advisory, CNVD, CVE List, CVE record). The NVD details show CVSS scores: CVSS v2 base 6.8 ...
WordPress Erident Custom and Dashboard Plugin Cross-Site Scripting Vulnerabilities
WordPress is a blogging platform developed in PHP, which supports personal blog sites on PHP and MySQL servers. Erident Custom Login is a plugin to customize the login screen of the WordPress console. The WordPress Dashboard is the first page you see after logging in to the backend. The first page...
WordPress Erident Custom Login and Dashboard Plugin <= 3.4.1 - Stored XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)
The Erident Custom Login and Dashboard plugin exposes a call to the update_option method when a specific POST field is posted to the plugin's settings screen. No CSRF token is used, and as such if an Administrative user can be tricked into visiting a site with a malicious form, it is possible to...
WordPress Erident Custom Login and Dashboard Plugin <= 3.4.1 - Unspecified CSRF
This plugin is prone to a cross-site request forgery vulnerability. Solution: Update the plugin...