The Login Configurator WordPress plugin up to and including 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
login configurator project login configurator |