Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-6861
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote malicious users to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
Outfront Spooky Login 2.7
1 EDB exploit
NA
CVE-2006-6862
Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp.
Outfront Spooky Login 2.7
7.5
CVSSv3
CVE-2020-36710
The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated malicious users to brute force credentials on sites in versions up to, and including, 1.5.4.2.
Wpserveur Wps Hide Login
4.6
CVSSv3
CVE-2020-36715
The Login/Signup Popup plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on several functions in versions up to, and including, 1.4. This makes it possible for authenticated malicious users to inject arbitrary web scripts into the plugin ...
Xootix Login\\/signup Popup
9.8
CVSSv3
CVE-2017-18514
The simple-login-log plugin prior to 1.1.2 for WordPress has SQL injection.
Simplerealtytheme Simple Login Log
9.8
CVSSv3
CVE-2017-18573
The simple-login-log plugin prior to 1.1.2 for WordPress has SQL injection.
Simplerealtytheme Simple Login Log
6.5
CVSSv3
CVE-2017-8875
CSRF in the Clean Login plugin prior to 1.8 for WordPress allows remote malicious users to change the login redirect URL or logout redirect URL.
Codection Clean Login 1.7.12
4.8
CVSSv3
CVE-2023-32505
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.
Ciphercoin Easy Hide Login
10
CVSSv3
CVE-2020-15164
in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this ex...
Scratch-wiki Scratch Login
7.5
CVSSv3
CVE-2022-1579
The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.
Gunkastudios Login Block Ips
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »