Home Tools Exploits & CVE's WordPress Login Configurator 2.1 Cross Site Scripting

WordPress Login Configurator 2.1 Cross Site Scripting

July 26, 2023

304

WordPress Login Configurator plugin version 2.1 and below suffer from a cross site scripting vulnerability.

advisories | CVE-2023-1893

Tittle:
WordPress Plugin Login Configurator <= 2.1 - Reflected Cross-Site Scripting

References:
CVE-2023-1893

Author:
Taurus Omar 

Description:
The plugin does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.

Affects Plugins:
Login Configurator - No known fix - plugin closed

Proof of Concept:

Visit the following path:

/wp-admin/options-general.php?page=login-configurator-options&tab=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E#top  


Classification:
Type XSS 
OWASP top 10 A7: Cross-Site Scripting (XSS)
CWE-79

wpScan:
https://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7

WordPress Login Configurator 2.1 Cross Site Scripting

EDITOR PICKS

Windows PspBuildCreateProcessContext Double-Fetch / Buffer Overflow

Online Tours And Travels Management System 1.0 SQL Injection

Packet Storm New Exploits For April, 2024

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

Follow us on Instagram @thecyberpost

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY