CVE-2021-24658

EUVD-2021-11570
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
erident_custom_login_and_dashboard_projecterident_custom_login_and_dashboard
𝑥
< 3.5.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2507516
https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8
https://plugins.trac.wordpress.org/changeset/2507516
https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8