WordPress Plugin Vulnerabilities

Admin Custom Login < 2.4.8 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The Admin Custom Login WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
admin-custom-login
Fixed in 2.4.8

References

URL
https://sumofpwn.nl/advisory/2016/admin_custom_login_wordpress_plugin_affected_by_persistent_cross_site_scripting_via_logo_url_field.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
a4505af5-ba74-4074-8ad8-3ef4dd0df6a5

Timeline

Publicly Published
2017-03-01 (about 9 years ago)
Added
2017-03-03 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-03-27
Title
Elementor Addon Elements < 1.13.2 - Contributor+ Stored XSS
Published
2025-03-27
Title
WooCommerce Fattureincloud < 2.6.8 - Reflected Cross-Site Scripting
Published
2024-09-03
Title
Popup Box < 4.7.8 - Admin+ Stored XSS
Published
2021-06-21
Title
Prismatic < 2.8 - Reflected Cross-Site Scripting (XSS)
Published
2015-08-25
Title
Post video players <= 1.136 - Authenticated Stored Cross-Site Scripting (XSS)