Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27624
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.
Redirect After Login Project Redirect After Login
4.3
CVSSv2
CVE-2022-1732
The Rename wp-login.php WordPress plugin up to and including 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow malicious users to make a logged in admin change them via a CSRF attack
Rename Wp-login Project Rename Wp-login
2.1
CVSSv2
CVE-2012-0959
Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.
Remote Login Service Hackers Remote Login Service 1.0.0
5
CVSSv2
CVE-2018-15876
An issue exists in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as o...
Ajax Bootmodal Login Project Ajax Bootmodal Login 1.4.3
4
CVSSv2
CVE-2015-5298
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.
Jenkins Google Login 1.1
Jenkins Google Login 1.0
6.5
CVSSv2
CVE-2021-24194
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin prior to 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as act...
Wp-buy Login Protection - Limit Failed Login Attempts
NA
CVE-2022-2913
The Login No Captcha reCAPTCHA WordPress plugin prior to 1.7 doesn't check the proper IP address allowing malicious users to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.
Login No Captcha Recaptcha Project Login No Captcha Recaptcha
NA
CVE-2023-2027
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthe...
Zm Ajax Login \\& Register Project Zm Ajax Login \\& Register
NA
CVE-2023-27425
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.
Electric Studio Client Login Project Electric Studio Client Login
5
CVSSv2
CVE-2022-1589
The Change wp-admin login WordPress plugin prior to 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
Change Wp-admin Login Project Change Wp-admin Login
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »