WordPress · Erident-Custom-Login-And-Dashboard · CVE-2021-24658
**Name of the Vulnerable Software and Affected Versions**
Erident Custom Login and Dashboard WordPress plugin versions prior to 3.5.9
**Description**
Because the plugin does not properly sanitize its settings, high-privilege users can use XSS payloads in them, even when the unfiltered_html capability is disabled.
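The kind of save-time sanitization the description refers to, as an added example rather than the plugin's own code or its 3.5.9 patch. The option name, settings group, field keys and function names are hypothetical; the WordPress functions are core APIs.

```php
<?php
// Added illustration. 'example_login_*' names and field keys are hypothetical,
// not taken from the Erident plugin.

add_action( 'admin_init', function () {
    register_setting(
        'example_login_group',      // hypothetical settings group
        'example_login_settings',   // hypothetical option name
        array( 'sanitize_callback' => 'example_login_sanitize' )
    );
} );

/**
 * Runs on every save of the option, before the value is written to the database.
 */
function example_login_sanitize( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array();

    // Plain-text field: tags are never legitimate here, so strip them for everyone.
    $clean['footer_text'] = sanitize_text_field( $input['footer_text'] ?? '' );

    // Rich-text field: raw HTML is kept only for users who hold unfiltered_html.
    // Users without it (e.g. site admins on multisite, or any user when
    // DISALLOW_UNFILTERED_HTML is set) get the post-content allowlist,
    // which drops <script> and on* event-handler attributes.
    $message = (string) ( $input['login_message'] ?? '' );
    $clean['login_message'] = current_user_can( 'unfiltered_html' )
        ? $message
        : wp_kses_post( $message );

    return $clean;
}

/**
 * Output side: escape by context so a value that predates the sanitizer
 * cannot break out of a text node.
 */
function example_login_render() {
    $settings = wp_parse_args(
        get_option( 'example_login_settings', array() ),
        array( 'footer_text' => '', 'login_message' => '' )
    );

    echo '<p class="footer">' . esc_html( $settings['footer_text'] ) . '</p>';
    // Already filtered at save time according to the saving user's capability.
    echo '<div class="message">' . $settings['login_message'] . '</div>';
}
```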
**Recommendations**
For versions prior to 3.5.9, update to version 3.5.9 or later to resolve the issue.