Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2012-10001
The Limit Login Attempts plugin prior to 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote malicious users to conduct brute-force authentication attempts.
Limit Login Attempts Project Limit Login Attempts
4.8
CVSSv3
CVE-2023-26012
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions.
Custom Login Page Project Custom Login Page
5.3
CVSSv3
CVE-2018-15876
An issue exists in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as o...
Ajax Bootmodal Login Project Ajax Bootmodal Login 1.4.3
NA
CVE-2012-0959
Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.
Remote Login Service Hackers Remote Login Service 1.0.0
6.5
CVSSv3
CVE-2015-5298
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.
Jenkins Google Login 1.1
Jenkins Google Login 1.0
8.8
CVSSv3
CVE-2021-24194
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin prior to 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as act...
Wp-buy Login Protection - Limit Failed Login Attempts
4.3
CVSSv3
CVE-2022-2913
The Login No Captcha reCAPTCHA WordPress plugin prior to 1.7 doesn't check the proper IP address allowing malicious users to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.
Login No Captcha Recaptcha Project Login No Captcha Recaptcha
9.8
CVSSv3
CVE-2023-2027
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthe...
Zm Ajax Login \\& Register Project Zm Ajax Login \\& Register
7.5
CVSSv3
CVE-2022-1589
The Change wp-admin login WordPress plugin prior to 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
Change Wp-admin Login Project Change Wp-admin Login
4.8
CVSSv3
CVE-2023-27425
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.
Electric Studio Client Login Project Electric Studio Client Login
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »