The WP Awesome Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Metrics
Affected Vendors & Products
References
History
Mon, 28 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Elvishp2006
Elvishp2006 wp Awesome Login |
|
CPEs | cpe:2.3:a:elvishp2006:wp_awesome_login:*:*:*:*:*:*:*:* | |
Vendors & Products |
Elvishp2006
Elvishp2006 wp Awesome Login |
|
Metrics |
ssvc
|
Sat, 26 Oct 2024 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WP Awesome Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |
Title | WP Awesome Login <= 0.4.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-10-26T04:30:31.547Z
Updated: 2024-10-28T17:50:07.077Z
Reserved: 2024-10-03T01:32:52.495Z
Link: CVE-2024-9456
Vulnrichment
Updated: 2024-10-28T17:49:58.796Z
NVD
Status : Awaiting Analysis
Published: 2024-10-26T05:15:17.773
Modified: 2024-10-28T13:58:09.230
Link: CVE-2024-9456
Redhat
No data.