Vulnerability Description
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Erident Custom Login And Dashboard Project | Erident Custom Login And Dashboard | < 3.5.9 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2507516PatchThird Party Advisory
- https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2507516PatchThird Party Advisory
- https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8ExploitThird Party Advisory
FAQ
What is CVE-2021-24658?
CVE-2021-24658 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is ...
How severe is CVE-2021-24658?
CVE-2021-24658 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24658?
Check the references section above for vendor advisories and patch information. Affected products include: Erident Custom Login And Dashboard Project Erident Custom Login And Dashboard.