Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
login vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0544
The WP Login Box WordPress plugin up to and including 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
Wp Login Box Project Wp Login Box
NA
CVE-2023-4773
The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. T...
Wordpress Social Login Project Wordpress Social Login
356
VMScore
CVE-2015-5298
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.
Jenkins Google Login 1.1
Jenkins Google Login 1.0
445
VMScore
CVE-2018-15876
An issue exists in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as o...
Ajax Bootmodal Login Project Ajax Bootmodal Login 1.4.3
187
VMScore
CVE-2012-0959
Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.
Remote Login Service Hackers Remote Login Service 1.0.0
578
VMScore
CVE-2021-24194
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin prior to 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as act...
Wp-buy Login Protection - Limit Failed Login Attempts
445
VMScore
CVE-2022-1589
The Change wp-admin login WordPress plugin prior to 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector
Change Wp-admin Login Project Change Wp-admin Login
NA
CVE-2023-2027
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthe...
Zm Ajax Login \\& Register Project Zm Ajax Login \\& Register
NA
CVE-2023-27425
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions.
Electric Studio Client Login Project Electric Studio Client Login
NA
CVE-2022-2913
The Login No Captcha reCAPTCHA WordPress plugin prior to 1.7 doesn't check the proper IP address allowing malicious users to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.
Login No Captcha Recaptcha Project Login No Captcha Recaptcha
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »