WordPress Plugin Vulnerabilities

Login Page Styler < 6.2.5 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
login-page-styler
Fixed in 6.2.5

References

CVE
CVE-2022-46861

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Justiice
Verified
No
WPVDB ID
871cad6a-9425-4320-943b-363171f43a95

Timeline

Publicly Published
2023-04-19 (about 2 years ago)
Added
2023-05-10 (about 2 years ago)
Last Updated
2023-09-28 (about 2 years ago)

Other

Published
Title
Published
2024-04-15
Title
WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting
Published
2025-01-16
Title
WooCommerce Order Search <= 1.1.0 - Reflected Cross-Site Scripting
Published
2022-08-25
Title
Poll, Survey, Questionnaire and Voting system <= 1.7.4 - Admin+ Stored XSS
Published
2014-08-01
Title
WP e-Commerce Predictive Search - "rs" Cross-Site Scripting
Published
2022-12-28
Title
WPZOOM Portfolio < 1.2.2 - Contributor+ Stored XSS via Shortcode