CVE-2021-34628

August 11, 2021

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.

Summary:

The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.7.

Reference Links(if available):

  • https://plugins.trac.wordpress.org/browser/admin-custom-login/tags/3.2.7/includes/login-form-setting/login-form-background.php#L686
  • https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34628

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    image

    [BIANLIAN] – Ransomware Victim: Caframo Limited[.]

    December 26, 2024
    image

    [FOG] – Ransomware Victim: Ober Mountain (OberGatlinburg[.]com)

    December 26, 2024
    image

    [CIPHBIT] – Ransomware Victim: Pergher Notariat

    December 26, 2024
    image

    [AKIRA] – Ransomware Victim: Charlie’s Tax Service

    December 26, 2024
    image

    [AKIRA] – Ransomware Victim: E-Tank

    December 26, 2024