Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-2198
The Login Security module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows malicious users to bypass intended restrictions via a crafted username.
Login Security Project Login Security
Login Security Project Login Security 6.x-1.0
Login Security Project Login Security 6.x-1.x
Login Security Project Login Security 7.x-1.x
6.8
CVSSv2
CVE-2014-3882
Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin prior to 1.2.0 for WordPress allows remote malicious users to hijack the authentication of arbitrary users.
12net Login Rebuilder
12net Login Rebuilder 1.1.2
12net Login Rebuilder 1.1.0
12net Login Rebuilder 1.0.2
12net Login Rebuilder 1.0.1
12net Login Rebuilder 1.0.0
12net Login Rebuilder 1.1.1
12net Login Rebuilder 1.0.3
3.5
CVSSv2
CVE-2015-4395
The HybridAuth Social Login module 7.x-2.x prior to 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information ...
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.1
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.2
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.3
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.4
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.9
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.0
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.5
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.7
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.6
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.8
5
CVSSv2
CVE-2015-5511
The HybridAuth Social Login module 7.x-2.x prior to 7.x-2.13 for Drupal allows remote malicious users to bypass the user registration by administrator only configuration and create an account via a social login.
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.0
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.7
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.8
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.5
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.6
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.1
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.2
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.9
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.10
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.11
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.3
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.4
Hybridauth Social Login Project Hybridauth Social Login 7.x-2.12
4.3
CVSSv2
CVE-2014-6312
Cross-site request forgery (CSRF) vulnerability in the Login Widget With Shortcode (login-sidebar-widget) plugin prior to 3.2.1 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks ...
Login Widget With Shortcode Project Login Widget With Shortcode 1.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.2
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.3
Login Widget With Shortcode Project Login Widget With Shortcode 2.2.4
Login Widget With Shortcode Project Login Widget With Shortcode
Login Widget With Shortcode Project Login Widget With Shortcode 2.0.1
Login Widget With Shortcode Project Login Widget With Shortcode 2.1.3
1 EDB exploit
7.5
CVSSv2
CVE-2002-1720
SQL injection vulnerability in Spooky Login 2.0 up to and including 2.5 allows remote malicious users to bypass authentication and gain privileges via the password field.
Outfront Spooky Login 2.0
Outfront Spooky Login 2.1
Outfront Spooky Login 2.2
Outfront Spooky Login 2.3
Outfront Spooky Login 2.4
Outfront Spooky Login 2.5
1 EDB exploit
7.5
CVSSv2
CVE-2015-8082
The Login Disable module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote malicious users to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demo...
Login Disable Project Login Disable 6.x-1.0
Login Disable Project Login Disable 7.x-1.0
Login Disable Project Login Disable 7.x-1.1
NA
CVE-2023-46777
Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions.
Featherplugins Custom Login Page \\| Temporary Users \\| Rebrand Login \\| Login Captcha
NA
CVE-2023-34369
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.
Login Configurator Project Login Configurator
NA
CVE-2023-1893
The Login Configurator WordPress plugin up to and including 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Login Configurator Project Login Configurator
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »