Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-27624
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.
Redirect After Login Project Redirect After Login
5
CVSSv2
CVE-2021-24998
The Simple JWT Login WordPress plugin prior to 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be ...
Simple Jwt Login Project Simple Jwt Login
4.3
CVSSv2
CVE-2021-24657
The Limit Login Attempts WordPress plugin prior to 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Sc...
Limit Login Attempts Project Limit Login Attempts
NA
CVE-2023-5243
The Login Screen Manager WordPress plugin up to and including 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e...
Login Screen Manager Project Login Screen Manager
4.3
CVSSv2
CVE-2021-24536
The Custom Login Redirect WordPress plugin up to and including 1.0.0 does not have CSRF check in place when saving its settings, and do not sanitise or escape user input before outputting them back in the page, leading to a Stored Cross-Site Scripting issue
Custom Login Redirect Project Custom Login Redirect
7.5
CVSSv2
CVE-2022-0787
The Limit Login Attempts (Spam Protection) WordPress plugin prior to 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections
Limit Login Attempts Project Limit Login Attempts
NA
CVE-2023-1861
The Limit Login Attempts WordPress plugin up to and including 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
Limit Login Attempts Project Limit Login Attempts
NA
CVE-2023-1912
The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users t...
Limit Login Attempts Project Limit Login Attempts
4.3
CVSSv2
CVE-2022-1732
The Rename wp-login.php WordPress plugin up to and including 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow malicious users to make a logged in admin change them via a CSRF attack
Rename Wp-login Project Rename Wp-login
5
CVSSv2
CVE-2012-10001
The Limit Login Attempts plugin prior to 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote malicious users to conduct brute-force authentication attempts.
Limit Login Attempts Project Limit Login Attempts
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »