Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-3098
The Login Block IPs WordPress plugin up to and including 1.0.0 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Gunkastudios Login Block Ips
5.4
CVSSv3
CVE-2023-2547
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with su...
Featherplugins Feather Login Page
8.8
CVSSv3
CVE-2023-2549
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticat...
Featherplugins Feather Login Page
8.8
CVSSv3
CVE-2023-31075
Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login.This issue affects Easy Hide Login: from n/a up to and including 1.0.8.
Ciphercoin Easy Hide Login
8.8
CVSSv3
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, w...
Featherplugins Feather Login Page
8.8
CVSSv3
CVE-2022-42884
Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a up to and including 1.2.7.
Themeinprogress Wip Custom Login
5.4
CVSSv3
CVE-2022-4622
The Login Logout Menu WordPress plugin up to and including 1.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cr...
Wpbrigade Login Logout Menu
5.4
CVSSv3
CVE-2022-4625
The Login Logout Menu WordPress plugin prior to 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be use...
Wpbrigade Login Logout Menu
8.8
CVSSv3
CVE-2023-33313
Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions.
Themeinprogress Wip Custom Login
9.8
CVSSv3
CVE-2019-15825
The wps-hide-login plugin prior to 1.5.3 for WordPress has an action=rp&key&login protection bypass.
Wpserveur Wps Hide Login
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »