Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-1912
The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users t...
Limit Login Attempts Project Limit Login Attempts
4.8
CVSSv3
CVE-2023-26012
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions.
Custom Login Page Project Custom Login Page
6.5
CVSSv3
CVE-2022-1732
The Rename wp-login.php WordPress plugin up to and including 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow malicious users to make a logged in admin change them via a CSRF attack
Rename Wp-login Project Rename Wp-login
NA
CVE-2014-4576
Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the xhrurl parameter.
Wordpress Social Login Project Wordpress Social Login
7.5
CVSSv3
CVE-2021-24998
The Simple JWT Login WordPress plugin prior to 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be ...
Simple Jwt Login Project Simple Jwt Login
9.8
CVSSv3
CVE-2012-10001
The Limit Login Attempts plugin prior to 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote malicious users to conduct brute-force authentication attempts.
Limit Login Attempts Project Limit Login Attempts
9.8
CVSSv3
CVE-2022-0787
The Limit Login Attempts (Spam Protection) WordPress plugin prior to 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections
Limit Login Attempts Project Limit Login Attempts
4.8
CVSSv3
CVE-2023-0544
The WP Login Box WordPress plugin up to and including 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wp Login Box Project Wp Login Box
6.1
CVSSv3
CVE-2017-15867
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin up to and including 1.5.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) br...
User-login-history Project User-login-history
6.1
CVSSv3
CVE-2021-24536
The Custom Login Redirect WordPress plugin up to and including 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue
Custom Login Redirect Project Custom Login Redirect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »