Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33313
Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions.
Themeinprogress Wip Custom Login
NA
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, w...
Featherplugins Feather Login Page
4.3
CVSSv2
CVE-2017-8875
CSRF in the Clean Login plugin prior to 1.8 for WordPress allows remote malicious users to change the login redirect URL or logout redirect URL.
Codection Clean Login 1.7.12
10
CVSSv2
CVE-2006-6861
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote malicious users to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
Outfront Spooky Login 2.7
1 EDB exploit
NA
CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated malicious users to inject arbitrary web scripts into the plugin ...
Xootix Login\\/signup Popup
7.5
CVSSv2
CVE-2017-18514
The simple-login-log plugin prior to 1.1.2 for WordPress has SQL injection.
Simplerealtytheme Simple Login Log
4.3
CVSSv2
CVE-2020-6753
The Login by Auth0 plugin prior to 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
Auth0 Login By Auth0
NA
CVE-2022-4622
The Login Logout Menu WordPress plugin up to and including 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cr...
Wpbrigade Login Logout Menu
NA
CVE-2022-4625
The Login Logout Menu WordPress plugin prior to 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...
Wpbrigade Login Logout Menu
NA
CVE-2022-2350
The Disable User Login WordPress plugin up to and including 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated malicious users to block (or unblock) users at will.
Brainvire Disable User Login
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »