ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Login Widget With Shortcode Plugin <= 3.1.1 - Reflected XSS

Product
Login Widget With Shortcode
Description
This plugin is prone to a reflected XSS via "custom_style_afo" parameter.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Packet Storm Security
CVE
Name CVE-N/A
Versions
Affected In <= 3.1.1
Fixed In 3.2.1
Disclosure date
2014-09-21
Submitter
ThreatPress