Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-15826
The wps-hide-login plugin prior to 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.
Wpserveur Wps Hide Login
NA
CVE-2022-2350
The Disable User Login WordPress plugin up to and including 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated malicious users to block (or unblock) users at will.
Brainvire Disable User Login
NA
CVE-2023-34023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.
Miled Wordpress Social Login
NA
CVE-2023-34025
Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin <= 2.1.6 versions.
Lws Lws Hide Login
6.8
CVSSv2
CVE-2021-34628
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows malicious users to inject arbitrary web scripts, in versions up to and includin...
Weblizar Admin Custom Login
5
CVSSv2
CVE-2021-24917
The WPS Hide Login WordPress plugin prior to 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
Wpserveur Wps Hide Login
2 Github repositories
2.1
CVSSv2
CVE-2013-1053
In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions.
Canonical Remote-login-service
NA
CVE-2023-47806
Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login.This issue affects Disable User Login: from n/a up to and including 1.3.7.
Saintsystems Disable User Login
NA
CVE-2023-27461
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.
Yoohooplugins When Last Login
7.5
CVSSv2
CVE-2019-15823
The wps-hide-login plugin prior to 1.5.3 for WordPress has an action=confirmaction protection bypass.
Wpserveur Wps Hide Login
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »