5 matches found
WordPress plugin WP Customize Login 'Change Logo Title' cross-site scripting vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up websites on servers supporting PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site scripting vulnerability exists in the WordPress plugin WP Customize Login 'Change Log...
CVE-2021-24581
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited...
WordPress plugin Blue Admin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WP Customize Login 1.1 Cross Site Scripting
Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS); Date: 2021-08-03; Exploit Author: Aryan Chehreghani; Software Link: https://wordpress.org/plugins/customize-login/; Version: 1.1; Tested on: Windows 10; How to Reproduce this Vulnerability: 1...
WP Customize Login <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin is vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Change Logo URL" and "Change Logo Title" settings...