cleantalk
Vulnerabilities and Security Researches

Change WordPress Login Logo, 3e38c8a9639b68f093c62b2db41d27500a5cfe59

CVE, Research URL

3e38c8a9639b68f093c62b2db41d27500a5cfe59

Home page URL

Security reports for Change WordPress Login Logo

Application

Change WordPress Login Logo

Published on
Aug 15, 2020
Research Description
Change WordPress Login Logo [change-login-logo] < 1.1.5 Change WordPress Login Logo <= 1.1.4 - Stored Cross-Site Scripting The Change WordPress Login Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the height and width parameters in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.1.5.
Status
vulnerable
Previous vulnerability researches
Payment Gateway for PayFabric (8bbbf1c0e1c721fb1f89da1df32fc1e12d96430d) , Jun 07, 2024
Payment Gateway for PayFabric (CVE-2023-33999) , Jun 13, 2026
Payment Gateway for PayFabric (7561f277f93e22b75aabd0195a11a27ce8a0b791) , Jun 16, 2026
Payment Gateway for PayFabric (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
New vulnerability
Quick Paypal Payments (694ee69b4de310131233fa748c67a0df9010292f) , Jun 16, 2026
Quick Paypal Payments (43aed989204b22d7d17d9eef7b521d26d569a905) , Jun 16, 2026
Quick Paypal Payments (687d78df7bf1589193db1c931abb3c12142e1a6a) , Jun 16, 2026
Quick Paypal Payments (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Quick Paypal Payments (9361b71637bede9f86f9b8e7ae1908d62a5ef31c) , Jun 16, 2026