CVE-2023-1893

MEDIUM NUCLEI

Login Configurator < 2.1 - Reflected Cross-Site Scripting via URL Parameter

Title source: llm

Exploitation Summary

CVE-2023-1893 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.

Nuclei Templates (1)

MEDIUMVERIFIEDby 0xr2r

References (2)

Core 2

Core References

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/173723/WordPress-Login-Configurator-2.1-Cross-Site-Scripting.html

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7

Scores

CVSS v3 6.1

EPSS 0.0067

EPSS Percentile 47.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

login_configurator_project/login_configurator < 2.1

Published Jul 17, 2023

Tracked Since Feb 18, 2026