CVE-2024-13226

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 31, 2025
CWE ID 79

Summary

CVE-2024-13226 is a reflected cross-site scripting (XSS) vulnerability affecting the A5 Custom Login Page WordPress plugin up to version 2.8.1. The plugin fails to sanitize and escape user input before displaying it on the login page. An attacker could exploit this flaw by injecting malicious scripts into the affected parameter, allowing them to steal sensitive information or take control of high-privilege user accounts, such as those of admin users. Users are advised to upgrade to the latest version of the plugin, or to remove it altogether if it is no longer needed.
