What is the severity of CVE-2021-43409?

CVE-2021-43409 is classified as a high severity vulnerability due to its nature as a persistent Cross-Site Scripting (XSS).

How do I fix CVE-2021-43409?

To fix CVE-2021-43409, upgrade to the latest version of the WPO365 | LOGIN plugin that is higher than version 15.3.

What type of vulnerability is CVE-2021-43409?

CVE-2021-43409 is a persistent Cross-Site Scripting (XSS) vulnerability affecting the WPO365 | LOGIN WordPress plugin.

Which versions of the WPO365 | LOGIN plugin are affected by CVE-2021-43409?

CVE-2021-43409 affects all versions of the WPO365 | LOGIN plugin up to and including version 15.3.

What can an attacker achieve by exploiting CVE-2021-43409?

By exploiting CVE-2021-43409, an attacker can execute malicious scripts in the context of a user's session, potentially leading to unauthorized access or data manipulation.

Vulnerability/
CVE-2021-43409

critical

9.3

CWE

19/11/2021

21/11/2024

CVE-2021-43409: WPO365 | LOGIN - Wordpress Plugin Persistent Cross-Site Scripting

First published: Fri Nov 19 2021(Updated: )

The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker.

Credit: info@appcheck-ng.com info@appcheck-ng.com

Affected Software	Affected Version	How to fix
Wpo365 Wordpress + Azure Ad / Microsoft Office 365	<=15.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-43409?
CVE-2021-43409 is classified as a high severity vulnerability due to its nature as a persistent Cross-Site Scripting (XSS).
How do I fix CVE-2021-43409?
To fix CVE-2021-43409, upgrade to the latest version of the WPO365 | LOGIN plugin that is higher than version 15.3.
What type of vulnerability is CVE-2021-43409?
CVE-2021-43409 is a persistent Cross-Site Scripting (XSS) vulnerability affecting the WPO365 | LOGIN WordPress plugin.
Which versions of the WPO365 | LOGIN plugin are affected by CVE-2021-43409?
CVE-2021-43409 affects all versions of the WPO365 | LOGIN plugin up to and including version 15.3.
What can an attacker achieve by exploiting CVE-2021-43409?
By exploiting CVE-2021-43409, an attacker can execute malicious scripts in the context of a user's session, potentially leading to unauthorized access or data manipulation.

agent/references
agent/type
agent/severity
agent/title
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/last-modified-date
agent/author
agent/softwarecombine
agent/event
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/wpo365
canonical/wpo365 wordpress + azure ad / microsoft office 365
version/wpo365 wordpress + azure ad / microsoft office 365/15.3