WordPress Plugin Vulnerabilities

User Login History < 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description

The User Login History plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

Fixed in 2.1.7

References

Classification

Type
XSS
CWE

Miscellaneous

Original Researcher
muhammad yudha
Verified
No

Timeline

Publicly Published
2025-05-07 (about 1 year ago)
Added
2025-05-13 (about 1 year ago)
Last Updated
2025-06-16 (about 1 year ago)

Other