Security Advisory

CVE-2023-4549

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-09-25 15:56:56

Last updated 2024-08-02 07:31:05

Assigner WPScan

State PUBLISHED

Description

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress login form.

← Browse all CVEs View on cve.org ↗