CVE-2023-1893

Name of the Vulnerable Software and Affected Versions Login Configurator WordPress plugin versions through 2.1

Description The issue is related to a reflected cross-site scripting vulnerability. It occurs because the plugin does not properly escape a URL parameter before outputting it to the page, targeting site administrators.

Recommendations For versions through 2.1, update to a version that properly escapes URL parameters to prevent reflected cross-site scripting. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.