CVE-2021-24328

MEDIUM

WP Login Security and History < 1.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting

Description

The WP Login Security and History WordPress plugin through 1.0 did not have a CSRF check when saving its settings, nor any sanitisation or validation of them. This could allow attackers to make logged-in administrators change the plugin's settings to arbitrary values, and set XSS payloads in them as well.

Scores

CVSS v3 6.2
EPSS 0.0061
EPSS Percentile 45.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N

Details

CWE CWE-352, CWE-79
Status published
Products (1)
clogica/wp_login_security_and_history < 1.0
Published Jun 01, 2021
Tracked Since Feb 18, 2026