WordPress Plugin Vulnerabilities

Login/Signup Popup < 2.2 - Reflected Cross-Site Scripting

Description

The plugin does not escape its tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
easy-login-woocommerce
Fixed in 2.2

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
aedd30e0-8b87-4008-9253-5e048c5d494d

Timeline

Publicly Published
2021-11-17 (about 4 years ago)
Added
2021-11-17 (about 4 years ago)
Last Updated
2021-11-17 (about 4 years ago)

Other

Published
Title
Published
2020-07-13
Title
Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS
Published
2023-02-21
Title
GetResponse for WordPress < 5.5.32 - Contributor+ Stored XSS
Published
2020-01-13
Title
Computer Repair Shop < 2.0 - Authenticated Stored XSS
Published
2025-04-24
Title
WoWHead Tooltips <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-07-23
Title
Jobmonster < 4.7.9 - Reflected Cross-Site Scripting