The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-06-01T11:33:31
Updated: 2024-08-03T19:28:23.829Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24328
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-01T14:15:09.297
Modified: 2024-11-21T05:52:51.253
Link: CVE-2021-24328
Redhat
No data.