MidnightBSD

Advisories for erident_custom_login_and_dashboard_project

CVE-2015-9322 MEDIUM

The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
erident_custom_login_and_dashboard_project erident_custom_login_and_dashboard *
CVE-2021-24658 LOW

The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
erident_custom_login_and_dashboard_project erident_custom_login_and_dashboard *