Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for WP Login Security and History by Unknown

    CVE-2021-24328 (GCVE-0-2021-24328)

    Vulnerability from nvd – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
    VLAI
    Title
    WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
    Summary
    The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Unknown WP Login Security and History Affected: 1.0 , ≤ 1.0 (custom)
    Create a notification for this product.
    Credits
    m0ze
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:23.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WP Login Security and History",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "m0ze"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin\u0027s settings to arbitrary values, and set XSS payloads on them as well"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-01T11:33:31.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "WP Login Security and History \u003c= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24328",
              "STATE": "PUBLIC",
              "TITLE": "WP Login Security and History \u003c= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WP Login Security and History",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.0",
                                "version_value": "1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "m0ze"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin\u0027s settings to arbitrary values, and set XSS payloads on them as well"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
                },
                {
                  "name": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
                },
                {
                  "name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
                },
                {
                  "name": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24328",
        "datePublished": "2021-06-01T11:33:31.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:23.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24328 (GCVE-0-2021-24328)

    Vulnerability from cvelistv5 – Published: 2021-06-01 11:33 – Updated: 2024-08-03 19:28
    VLAI
    Title
    WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)
    Summary
    The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well
    Severity
    No CVSS data available.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Unknown WP Login Security and History Affected: 1.0 , ≤ 1.0 (custom)
    Create a notification for this product.
    Credits
    m0ze
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:23.829Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WP Login Security and History",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThanOrEqual": "1.0",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "m0ze"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin\u0027s settings to arbitrary values, and set XSS payloads on them as well"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-01T11:33:31.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-352%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "WP Login Security and History \u003c= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24328",
              "STATE": "PUBLIC",
              "TITLE": "WP Login Security and History \u003c= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WP Login Security and History",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "1.0",
                                "version_value": "1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "m0ze"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin\u0027s settings to arbitrary values, and set XSS payloads on them as well"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/eeb41d7b-8f9e-4a12-b65f-f310f08e4ace"
                },
                {
                  "name": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/exploit/csrf-wp-login-security-and-history-v1.0.html"
                },
                {
                  "name": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/vulnerability/[2021-03-29]-[WordPress]-[CWE-352]-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
                },
                {
                  "name": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt",
                  "refsource": "MISC",
                  "url": "https://m0ze.ru/vulnerability/%5B2021-03-29%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Login-Security-and-History-WordPress-Plugin-v1.0.txt"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24328",
        "datePublished": "2021-06-01T11:33:31.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:23.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }