CVE-2021-24658

Published: Aug 23, 2021Modified: Jun 17, 2026

4.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)

Affected (1)

Products: Erident Custom Login And Dashboard Project: Erident Custom Login And Dashboard

Erident Custom Login And Dashboard Project

1 product

Erident Custom Login And Dashboard

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Erident Custom Login And Dashboard Project Erident Custom Login And Dashboard	Before 3.5.9

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://plugins.trac.wordpress.org/changeset/2507516

Source: contact@wpscan.com

PatchThird Party Advisory

https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8

Source: contact@wpscan.com

ExploitThird Party Advisory

https://plugins.trac.wordpress.org/changeset/2507516

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://wpscan.com/vulnerability/ec70f02b-02a1-4511-949e-68f2d9d37ca8

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.