WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting CVE-2021-24214 Scanner
A remote attacker can perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload.
Short Info
Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: URL
Parent Category
WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting CVE-2021-24214 Scanner Detail
The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration.