CVE-2023-1893
published 2023-07-17CVE-2023-1893: The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected…
PriorityP432medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
0.67%
47.5th percentile
The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| login_configurator_project | login_configurator | <= 2.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Login Configurator <=2.1 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-1893 [MEDIUM] Login Configurator <=2.1 - Cross-Site Scripting
Login Configurator alert(document.domain)", "login-configurator")'
- 'contains(content_type, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022067448018118d3957854ddc78e3d8910b029feae6a6803a27528757365cad2284022100ab9ac3b5e2b82d546db0892b1e2b0d81075e3f39e763cf1530df042d511f2276:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
http://packetstormsecurity.com/files/173723/WordPress-Login-Configurator-2.1-Cross-Site-Scripting.htmlhttps://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7http://packetstormsecurity.com/files/173723/WordPress-Login-Configurator-2.1-Cross-Site-Scripting.htmlhttps://wpscan.com/vulnerability/dbe6cf09-971f-42e9-b744-9339454168c7
2023-07-17
Published