CVE-2023-5940

Name of the Vulnerable Software and Affected Versions WP Not Login Hide (WPNLH) WordPress plugin version 1.0

Description The WP Not Login Hide (WPNLH) WordPress plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example in multisite setup.

Recommendations For version 1.0, update to a newer version that addresses the issue of sanitising and escaping settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.