PT-2021-16057 · WordPress · Custom Login Redirect

Vinay Bhuria · Published 2021-08-16 · Updated 2021-08-23 · CVE-2021-24536

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Custom Login Redirect WordPress plugin version 1.0.0

Description: The issue is related to the lack of a CSRF check when saving settings and the failure to sanitise or escape user input before outputting it back in the page. This leads to a Stored Cross-Site Scripting issue, which can be exploited by attackers.

Recommendations: For Custom Login Redirect WordPress plugin version 1.0.0, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the settings page to minimize the risk of Stored Cross-Site Scripting attacks. Avoid using the plugin until the issue is resolved.
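The two defects named in the description (a settings handler with no CSRF check, and a stored value echoed back without escaping) follow a well-known WordPress plugin pattern. The following is an added illustration written for this advisory, not code from the Custom Login Redirect plugin: the option name `clr_example_redirect_url`, the form field `clr_redirect_url` and the nonce action/field names are hypothetical. It shows the weak pattern next to the hardened form that uses WordPress's own nonce, capability, sanitisation and escaping APIs.

```php
<?php
/*
 * Added illustration for PT-2021-16057; not the plugin's own code.
 * Option, field and nonce names below are assumptions, not identifiers
 * taken from the Custom Login Redirect plugin.
 */

// --- Weak pattern described in the advisory ---------------------------------

function clr_example_save_settings_unsafe() {
    if ( isset( $_POST['clr_redirect_url'] ) ) {
        // No nonce check: a form submitted on behalf of a logged-in admin from
        // another site is accepted (CSRF).
        // No sanitisation: the posted value is stored exactly as received.
        update_option( 'clr_example_redirect_url', $_POST['clr_redirect_url'] );
    }
}

function clr_example_render_field_unsafe() {
    // Unescaped output: whatever was stored is rendered into the attribute,
    // so a stored payload executes in the admin page (stored XSS).
    echo '<input type="text" name="clr_redirect_url" value="'
        . get_option( 'clr_example_redirect_url', '' ) . '">';
}

// --- Hardened form ----------------------------------------------------------

function clr_example_save_settings() {
    if ( ! isset( $_POST['clr_redirect_url'] ) ) {
        return;
    }
    // Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // CSRF check: dies unless the request carries the nonce that
    // wp_nonce_field() emitted in the settings form below.
    check_admin_referer( 'clr_example_save_settings', 'clr_example_nonce' );

    // Sanitise for storage: esc_url_raw() keeps only a valid URL with an
    // allowed protocol, so script-bearing input is not persisted.
    $url = esc_url_raw( wp_unslash( $_POST['clr_redirect_url'] ) );
    update_option( 'clr_example_redirect_url', $url );
}
add_action( 'admin_init', 'clr_example_save_settings' );

function clr_example_render_form() {
    $url = get_option( 'clr_example_redirect_url', '' );
    echo '<form method="post">';
    // Emits the hidden nonce and referer fields that check_admin_referer() verifies.
    wp_nonce_field( 'clr_example_save_settings', 'clr_example_nonce' );
    // Escape on output: the stored value is encoded for an HTML attribute context.
    echo '<input type="text" name="clr_redirect_url" value="' . esc_attr( $url ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}
```

Sanitising on save and escaping on output are both needed: the nonce stops the cross-site save, `esc_url_raw()` keeps non-URL content out of the database, and `esc_attr()` ensures that even a value written by some other path cannot break out of the attribute when rendered.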

Tags: XSS, CSRF

Weakness Enumeration

Related Identifiers: CVE-2021-24536

Affected Products: Custom Login Redirect