Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42884
Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a up to and including 1.2.7.
Themeinprogress Wip Custom Login
NA
CVE-2022-42985
The ScratchLogin extension up to and including 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting (XSS).
Scratch-wiki Scratch Login
NA
CVE-2023-48773
Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.This issue affects WooCommerce Login Redirect: from n/a up to and including 2.2.4.
Wpdoctor Woocommerce Login Redirect
NA
CVE-2023-44995
Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions.
Wpdoctor Woocommerce Login Redirect
NA
CVE-2023-27461
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.
Yoohooplugins When Last Login
6.8
CVSSv2
CVE-2021-34628
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows malicious users to inject arbitrary web scripts, in versions up to and includin...
Weblizar Admin Custom Login
NA
CVE-2023-47182
Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions.
Nazmulhossainnihal Login Screen Manager
7.5
CVSSv2
CVE-2017-18573
The simple-login-log plugin prior to 1.1.2 for WordPress has SQL injection.
Simplerealtytheme Simple Login Log
5
CVSSv2
CVE-2021-24917
The WPS Hide Login WordPress plugin prior to 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
Wpserveur Wps Hide Login
1 Github repository
3.5
CVSSv2
CVE-2022-1029
The Limit Login Attempts WordPress plugin prior to 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for...
Miniorange Limit Login Attempts
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »