13 matches found
EUVD-2021-11570
Malware in sbrugna...
EUVD-2015-9162
Malware in sbrugna...
CVE-2021-24658
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html is disabled...
CVE-2021-24658
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html is disabled...
Design/Logic Flaw
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html is disabled...
CVE-2021-24658
The CVE-2021-24658 entry concerns the WordPress plugin Erident Custom Login and Dashboard (before 3.5.9). The vulnerability arises from improper sanitisation of the plugin’s settings, enabling authenticated stored XSS by high-privilege users, even when the unfiltered_html setting is disabled. Docume...
Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html is disabled. Use a payload such as a" in the plugin settings for example, the Powered by Text input...
Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them even when the unfiltered_html is disabled. PoC: Use a payload such as a" in the plugin settings for example, the Powered by Text input...
WordPress erident-custom-login-and-dashboard plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress erident-custom-login-and-dashboard plugin...
WordPress Erident Custom and Dashboard Plugin Cross-Site Scripting Vulnerabilities
WordPress is a blogging platform developed in PHP, which supports personal blog sites on PHP and MySQL servers. Erident Custom Login is a plugin to customize the login screen of the WordPress console. The WordPress Dashboard is the first page you see after logging in to the backend. The first page...
WordPress Erident Custom Login and Dashboard Plugin <= 3.4.1 - Stored XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)
The Erident Custom Login and Dashboard plugin exposes a call to the update_option method when a specific POST field is posted to the plugin's settings screen. No CSRF token is used, and as such if an Administrative user can be tricked into visiting a site with a malicious form, it is possible to...
Erident Custom Login & Dashboard 3.4-3.4.1 - Stored Cross-Site Scripting (XSS)
The Erident Custom Login and Dashboard plugin exposes a call to the update_option method when a specific POST field is posted to the plugin's settings screen. No CSRF token is used, and as such if an Administrative user can be tricked into visiting a site with a malicious form, it is possible to...