Vulmon
login vulnerabilities and exploits
7.5
CVSSv3
CVE-2021-24917
The WPS Hide Login WordPress plugin prior to 1.9.1 has a bug that allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php.
Wpserveur Wps Hide Login
1 Github repository
8.8
CVSSv3
CVE-2023-27461
Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When Last Login plugin <= 1.2.1 versions.
Yoohooplugins When Last Login
4.8
CVSSv3
CVE-2023-32505
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.
Ciphercoin Easy Hide Login
8.8
CVSSv3
CVE-2023-2545
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, w...
Featherplugins Feather Login Page
4.3
CVSSv3
CVE-2022-3098
The Login Block IPs WordPress plugin up to and including 1.0.0 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack.
Gunkastudios Login Block Ips
7.5
CVSSv3
CVE-2022-1579
The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.
Gunkastudios Login Block Ips
NA
CVE-2006-6861
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote malicious users to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
Outfront Spooky Login 2.7
1 EDB exploit
6.1
CVSSv3
CVE-2020-6753
The Login by Auth0 plugin prior to 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
Auth0 Login By Auth0
5.5
CVSSv3
CVE-2013-1053
In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions.
Canonical Remote-login-service
5.3
CVSSv3
CVE-2022-2350
The Disable User Login WordPress plugin up to and including 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated malicious users to block (or unblock) users at will.
Brainvire Disable User Login