CVE-2023-1893

MEDIUM NUCLEI

Login Configurator <2.1 - XSS

Title source: llm

Description

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.

Nuclei Templates (1)

MEDIUMVERIFIEDby 0xr2r

References (2)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/173723/WordPress-Login-Configurator-2.1-Cross-Site-Scripting.html

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7

Scores

CVSS v3 6.1

EPSS 0.0487

EPSS Percentile 89.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

login_configurator_project/login_configurator < 2.1

Published Jul 17, 2023

Tracked Since Feb 18, 2026