Change WordPress Login Logo < 1.1.5 – Authenticated Stored Cross-Site Scripting

Description

The height, and width fields used to update the custom logo was found to be vulnerable to stored XSS, as they did not sanitize user input properly before publishing the changes. It is triggered when a user loads the login page.

Proof of Concept

Set the following payload as Height or Width in the plugin's settings: 100}</style><script>alert(0)</script>

Affects Plugins

change-login-logo

Fixed in 1.1.5

References

URL

https://packetstormsecurity.com/files/#158897/

URL

https://melbin.in/2020/08/15/multiple-stored-xss-vulnerabilities-in-change-wordpress-login-logo-plugin/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Melbin K Mathew

Verified

Yes

WPVDB ID

099fdf18-2888-4fbf-a72f-17f744bdfa92

Timeline

Publicly Published

2020-08-19 (about 3 years ago)

Added

2020-08-19 (about 3 years ago)

Last Updated

2020-11-28 (about 3 years ago)

Other

Published

Title

Published

2023-09-04

Title

Atarim < 3.9.4 - Admin+ Stored XSS

Published

2015-07-08

Title

YOP Poll <= 5.7.3 - Reflected Cross-Site Scripting (XSS)

Published

2019-05-06

Title

W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)

Published

2014-08-01

Title

Popup Images - popup-images/popup.php z Parameter XSS

Published

2022-08-12

Title

Alpine PhotoTile for Pinterest <= 1.3.1 - Admin+ Stored Cross-Site Scripting