2 matches found
CVE-2021-34628
The CVE-2021-34628 issue affects the WordPress Admin Custom Login plugin up to version 3.2.7. It is a Cross-Site Request Forgery (CSRF) vulnerability caused by the loginbgSave action in login-form-background.php, which can lead to stored Cross-Site Scripting (XSS) by injecting arbitrary scripts. ...
CVE-2017-20098
CVE-2017-20098 affects the WordPress Admin Custom Login Plugin version 2.4.5.2. The issue is described as a manipulation of an unknown function that leads to basic persistent cross-site scripting (XSS). The vulnerability is reported as exploitable remotely. Several connected sources (Red Hat, CNV...