Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)

Proof of Concept

Use a payload such as a"><img src onerror=alert(/XSS/)> in the plugin settings (for example, the Powered by Text input)

Affects Plugins

erident-custom-login-and-dashboard

Fixed in version 3.5.9✓

References

CVE

CVE-2021-24658

URL

https://plugins.trac.wordpress.org/changeset/2507516

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

James Calver, Bulletproof Cyber

Verified

Yes

WPVDB ID

ec70f02b-02a1-4511-949e-68f2d9d37ca8

Timeline

Publicly Published

2021-04-01 (about 6 months ago)

Added

2021-04-02 (about 6 months ago)

Last Updated

2021-08-19 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin