A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser, using the application as the vehicle for the attack. The XSS payload supplied in the "Custom logo link" executes whenever the user opens the Settings page of the "Customize Login Image" plugin.
References
| Link | Resource |
|---|---|
| https://cybersecurityworks.com/zerodays/cve-2021-33851-stored-cross-site-scripting-in-wordpress-customize-login-image.html | Exploit, Mitigation, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: CSW
Published: 2022-03-09T16:54:38
Updated: 2022-03-11T17:54:07
Reserved: 2021-06-04T00:00:00
Link: CVE-2021-33851
NVD Information
Status: Analyzed
Published: 2022-03-10T17:42:36.047
Modified: 2022-03-12T04:08:48.273
Link: CVE-2021-33851
Redhat Information
No data.
CWE