Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1893
The Login Configurator WordPress plugin up to and including 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.
Login Configurator Project Login Configurator
614
VMScore
CVE-2010-2945
The default configuration of SLiM prior to 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.
Simone Rota Slim Simple Login Manager 1.2.1
Simone Rota Slim Simple Login Manager 1.2.0
Simone Rota Slim Simple Login Manager 1.1.0
Simone Rota Slim Simple Login Manager 1.0.0
Simone Rota Slim Simple Login Manager 1.2.5
Simone Rota Slim Simple Login Manager 1.2.3
Simone Rota Slim Simple Login Manager 1.3.0
Simone Rota Slim Simple Login Manager 1.2.6
Simone Rota Slim Simple Login Manager 1.2.4
Simone Rota Slim Simple Login Manager 1.2.2
Simone Rota Slim Simple Login Manager
187
VMScore
CVE-2014-5000
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
Lawn-login Project Lawn-login 0.0.7
409
VMScore
CVE-2017-20066
A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public an...
Adminer Login Project Adminer Login 1.4.4
NA
CVE-2016-15031
A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injec...
Php-login Project Php-login 1.0
NA
CVE-2022-38063
Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plugin <= 5.0.0.0 versions.
Social Login Wp Project Social Login Wp
605
VMScore
CVE-2021-24804
The Simple JWT Login WordPress plugin prior to 3.2.1 does not have nonce checks when saving its settings, allowing malicious users to make a logged in admin changed them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which c...
Simple Jwt Login Project Simple Jwt Login
383
VMScore
CVE-2017-15867
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin up to and including 1.5.2 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) br...
User-login-history Project User-login-history
NA
CVE-2023-26012
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions.
Custom Login Page Project Custom Login Page
383
VMScore
CVE-2014-4576
Cross-site scripting (XSS) vulnerability in services/diagnostics.php in the WordPress Social Login plugin 2.0.3 and previous versions for WordPress allows remote malicious users to inject arbitrary web script or HTML via the xhrurl parameter.
Wordpress Social Login Project Wordpress Social Login
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »