Headline
CVE-2017-20056: Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin
A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev
Full Disclosure mailing list archives
From: Summer of Pwnage <lists () securify nl>
Date: Wed, 1 Mar 2017 07:13:27 +0100
------------------------------------------------------------------------ Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin
Axel Koolhaas, July 2016
Abstract
A stored Cross-Site Scripting vulnerability was found in the User Login Log WordPress Plugin. This issue can be exploited by Subscriber (or higher) and allows an attacker to perform a wide variety of actions, such as stealing users’ session tokens, or performing arbitrary actions on their behalf.
OVE ID
OVE-20160724-0011
Tested versions
This issue was successfully tested on User Login Log WordPress Plugin version 2.2.1.
Fix
There is currently no fix available.
Details
https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_user_login_log_wordpress_plugin.html
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its goal is to contribute to the security of popular, widely used OSS projects in a fun and educational way.
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Stored Cross-Site Scripting vulnerability in User Login Log WordPress Plugin Summer of Pwnage (Feb 28)