3 matches found
CVE-2019-15115
The CVE-2019-15115 entry concerns the WordPress plugin Peters Login Redirect, vulnerable to CSRF in all releases before 2.9.2. Multiple connected sources confirm a cross-site request forgery flaw in this plugin, with CVSS3 base score 8.8 (HIGH) and CVSS2 6.8 (MEDIUM). Impact is described as affec...
CVE-2021-24939
The CVE concerns the WordPress plugin LoginWP (formerly Peter’s Login Redirect) prior to version 3.0.0.5. It fails to sanitize/escape the rul_login_url and rul_logout_url parameters before echoing them into admin-page attributes, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. ...
CVE-2016-10925
The CVE-2016-10925 entry concerns the WordPress plugin Petersers Login Redirect (before 2.9.1). The vulnerability is an XSS flaw that occurs during editing of redirect URLs, enabling attacker-controlled script execution in certain contexts. Identified in multiple feeds (NVD entry and Red Hat adv...