Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-34172
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.
Miled Wordpress Social Login
8.8
CVSSv3
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, w...
Featherplugins Feather Login Page
5.4
CVSSv3
CVE-2023-2547
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with su...
Featherplugins Feather Login Page
8.8
CVSSv3
CVE-2023-2549
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticat...
Featherplugins Feather Login Page
9.8
CVSSv3
CVE-2019-15824
The wps-hide-login plugin prior to 1.5.3 for WordPress has an adminhash protection bypass.
Wpserveur Wps Hide Login
9.8
CVSSv3
CVE-2019-15825
The wps-hide-login plugin prior to 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Wpserveur Wps Hide Login
7.5
CVSSv3
CVE-2022-1579
The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.
Gunkastudios Login Block Ips
7.2
CVSSv3
CVE-2024-35650
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a up to and including 1.3.0.
Melapress Melapress Login Security
4.8
CVSSv3
CVE-2022-4200
The Login with Cognito WordPress plugin up to and including 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa...
Miniorange Login With Cognito
8.8
CVSSv3
CVE-2021-34628
The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Request Forgery due to the loginbgSave action found in the ~/includes/Login-form-setting/Login-form-background.php file which allows malicious users to inject arbitrary web scripts, in versions up to and includin...
Weblizar Admin Custom Login
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »