Vulnerability Description
The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Login Configurator Project | Login Configurator | <= 2.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/173723/WordPress-Login-Configurator-2.1-CroExploitThird Party Advisory
- https://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7ExploitThird Party Advisory
- http://packetstormsecurity.com/files/173723/WordPress-Login-Configurator-2.1-CroExploitThird Party Advisory
- https://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7ExploitThird Party Advisory
FAQ
What is CVE-2023-1893?
CVE-2023-1893 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site ...
How severe is CVE-2023-1893?
CVE-2023-1893 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1893?
Check the references section above for vendor advisories and patch information. Affected products include: Login Configurator Project Login Configurator.