Lucene search
WpvulndbWPVDB-ID:8126FF73-C0E5-4C1B-BA10-2E51F690521EHistoryMay 02, 2023 - 12:00 a.m.
Loginizer 1.7.8 - Reflected XSS
2023-05-0200:00:00
wpscan.com
12
reflected cross-site scripting
parameter escaping
admin privileges
EPSS
0.001
Percentile
31.2%
The plugin does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PoC
Make a logged in admin open a page with the code below
Related
nvd
nvd
CVE-2023-2296
2023-05-30 08:15:10
prion
prion
Cross site scripting
2023-05-30 08:15:00
openvas
openvas
WordPress Loginizer Plugin < 1.7.9 XSS Vulnerability
2023-06-07 00:00:00
wpexploit
wpexploit
Loginizer 1.7.8 - Reflected XSS
2023-05-02 00:00:00
cve
cve
CVE-2023-2296
2023-05-30 08:15:10
cvelist
cvelist
CVE-2023-2296 Loginizer 1.7.8 - Reflected XSS
2023-05-30 07:49:21
wordfence
wordfence