Vulnerabilities and Security Researches

DoLogin Security, CVE-2023-4549

CVE, Research URL: CVE-2023-4549
Home page URL: Security reports for DoLogin Security
Application: DoLogin Security
Published on: Sep 25, 2023
Research Description: The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.
Affected versions: max 3.7.
Status: vulnerable