CVE-2023-4549

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.

Configurations

Configuration 1

cpe:2.3:a:wpdo:dologin_security:*:*:*:*:*:wordpress:*:*

History

03 Mar 2026, 18:50

Type | Values Removed | Values Added
First Time | | Wpdo dologin Security; Wpdo
CPE | cpe:2.3:a:wpdo5ea:dologin_security:*:*:*:*:*:wordpress:*:* | cpe:2.3:a:wpdo:dologin_security:*:*:*:*:*:wordpress:*:*
CWE | | CWE-79

21 Nov 2024, 08:35

Type | Values Removed | Values Added
References | () https://wpscan.com/vulnerability/8aebead0-0eab-4d4e-8ceb-8fea0760374f - Exploit, Third Party Advisory | () https://wpscan.com/vulnerability/8aebead0-0eab-4d4e-8ceb-8fea0760374f - Exploit, Third Party Advisory

Information

Published : 2023-09-25 16:15

Updated : 2026-03-03 18:50


NVD link : CVE-2023-4549

Mitre link : CVE-2023-4549

CVE.ORG link : CVE-2023-4549


Products Affected
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')