Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2003-1434
login_ldap 3.1 and 3.2 allows remote malicious users to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no D...
Pete Werner Login Ldap 3.1
Pete Werner Login Ldap 3.2
312
VMScore
CVE-2021-24658
The Erident Custom Login and Dashboard WordPress plugin prior to 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is disabled)
Erident Custom Login And Dashboard Project Erident Custom Login And Dashboard
516
VMScore
CVE-2019-15820
The login-or-logout-menu-item plugin prior to 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.
Login Or Logout Menu Item Project Login Or Logout Menu Item
NA
CVE-2022-47138
Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions.
Login And Registration Attempts Limit Project Login And Registration Attempts Limit
605
VMScore
CVE-2015-9322
The erident-custom-login-and-dashboard plugin prior to 3.5 for WordPress has CSRF.
Erident Custom Login And Dashboard Project Erident Custom Login And Dashboard
383
VMScore
CVE-2006-7078
Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote malicious users to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. NOTE: some det...
Professional Home Page Tools Login Script Professional Home Page Tools Login Script
NA
CVE-2022-2987
The Ldap WP Login / Active Directory Integration WordPress plugin prior to 3.0.2 does not have any authorisation and CSRF checks when updating it's settings (which are hooked to the init action), allowing unauthenticated malicious users to update them. Attackers could set th...
Ldap Wp Login / Active Directory Integration Project Ldap Wp Login / Active Directory Integration
NA
CVE-2023-0522
The Enable/Disable Auto Login when Register WordPress plugin up to and including 1.1.0 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Enable/disable Auto Login When Register Project Enable/disable Auto Login When Register
NA
CVE-2023-46201
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.This issue affects Auto Login New User After Registration: from n/a up to and including 1.9.6.
Auto Login New User After Registration Project Auto Login New User After Registration
NA
CVE-2023-46202
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions.
Auto Login New User After Registration Project Auto Login New User After Registration
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »