Search criteria
2 vulnerabilities by erident_custom_login_and_dashboard_project
CVE-2021-24658 (GCVE-0-2021-24658)
Vulnerability from cvelistv5 – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
VLAI
Title
Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/ec70f02b-02a1-45… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2507516 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Libin V Babu | Erident Custom Login and Dashboard |
Affected:
3.5.9 , < 3.5.9
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2507516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Erident Custom Login and Dashboard",
"vendor": "Libin V Babu",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "3.5.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Calver (Bulletproof Cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-23T11:10:20.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2507516"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Erident Custom Login and Dashboard \u003c 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24658",
"STATE": "PUBLIC",
"TITLE": "Erident Custom Login and Dashboard \u003c 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Erident Custom Login and Dashboard",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.5.9",
"version_value": "3.5.9"
}
]
}
}
]
},
"vendor_name": "Libin V Babu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "James Calver (Bulletproof Cyber)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2507516",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2507516"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24658",
"datePublished": "2021-08-23T11:10:20.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:35:20.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9322 (GCVE-0-2015-9322)
Vulnerability from cvelistv5 – Published: 2019-08-16 20:19 – Updated: 2024-08-06 08:43
VLAI
Summary
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wordpress.org/plugins/erident-custom-logi… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:43:42.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-16T20:19:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/erident-custom-login-and-dashboard/#developers"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9322",
"datePublished": "2019-08-16T20:19:50.000Z",
"dateReserved": "2019-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:43:42.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}