Vulnerabilities and security researches forlogin-sidebar-widget login-sidebar-widget

Jun 06, 2024

CVE, Research URL: CVE-2014-6312
Home page URL: Security reports for Login Widget With Shortcode
Application: Login Widget With Shortcode
Date: Oct 15, 2014
Research Description: Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin before 3.2.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the custom_style_afo parameter on the login_widget_afo page to wp-admin/options-general.php.
Affected versions: max 3.2.1.
Status: vulnerable

Dec 11, 2024

CVE, Research URL: CVE-2024-54255
Home page URL: Security reports for Login Widget With Shortcode
Application: Login Widget With Shortcode
Date: Dec 09, 2024
Research Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode login-sidebar-widget allows Phishing.This issue affects Login Widget With Shortcode: from n/a through <= 6.1.2.
Affected versions: max 6.1.2.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 52e985c42e71678e994e44c7eccedfdaab3c457f
Home page URL: Security reports for Login Widget With Shortcode
Application: Login Widget With Shortcode
Date: Sep 21, 2014
Research Description: Login Widget With Shortcode [login-sidebar-widget] < 3.2.1 WordPress Login Widget With Shortcode Plugin <= 3.1.1 - Reflected XSS This plugin is prone to a reflected XSS via "custom_style_afo" parameter. Update the plugin.
Affected versions: max 3.2.1.
Status: vulnerable

CVE, Research URL: 21810fc06f090bf5de5db5f384212ac96d3c2abd
Home page URL: Security reports for Login Widget With Shortcode
Application: Login Widget With Shortcode
Date: Sep 25, 2014
Research Description: Login Widget With Shortcode [login-sidebar-widget] < 3.1.2 WordPress Login Widget With Shortcode Plugin 3.1.1 - Multiple Vulnerabilities Login Widget With Shortcode plugin is prone to CSRF and XSS vulnerabilities that allow an attacker to insert arbitrary HTML into an admin page. Then an attacker can use Javascript to control an admin user’s browser and create user accounts, posts, etc. Update the plugin.
Affected versions: max 3.1.2.
Status: vulnerable

CVE, Research URL: 2d2da6f6-fbf4-4cfd-b671-356abfab3a38
Home page URL: Security reports for Login Widget With Shortcode
Application: Login Widget With Shortcode
Date: -
Research Description: Login Widget With Shortcode [login-sidebar-widget] < 3.2.1 Login Widget With Shortcode 3.1.1 - custom_style_afo Parameter Reflected XSS The Login Widget With Shortcode WordPress plugin was affected by a custom_style_afo Parameter Reflected XSS security vulnerability.
Affected versions: max 3.2.1.
Status: vulnerable