Cross-Site Request Forgery in LoginPress WordPress Plugin Versions 3.3.1 and Below
The LoginPress WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 3.3.1. The issue stems from missing nonce validation in the 'custom_plugin_set_option' function: the handler accepts a settings change without verifying a nonce tied to the requesting user and action. An unauthenticated attacker can therefore change WordPress site options by forging a request that a logged-in administrator's browser submits, for example by tricking the administrator into clicking a malicious link. By exploiting this, an attacker could set the default user registration role to administrator and enable user registration, then register an account and gain administrative access to the site. The vulnerability can only be exploited when the 'WPBRIGADE_SDK__DEV_MODE' constant is set to 'true'; sites that leave the constant undefined or set to 'false' are not exposed through this path, but they remain on vulnerable code until the plugin is updated.
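The following is an added illustration, not LoginPress's own code, showing the class of bug the advisory describes: a WordPress AJAX handler that writes a site option without nonce validation, beside the hardened form with `check_ajax_referer()`, a capability check, and an option allow-list. The handler names, action names and option names (`myplugin_*`) are hypothetical.

```php
<?php
// Added example (not the LoginPress plugin's code). Two versions of a hypothetical
// AJAX handler that stores a plugin setting as a WordPress option.

// VULNERABLE pattern: no nonce, no capability check, caller chooses the option name.
// An attacker page can POST to admin-ajax.php?action=myplugin_set_option from the
// administrator's browser; the request carries the admin's session cookie, so
// is_user_logged_in() passes and the attacker can set default_role=administrator
// and users_can_register=1. Gating this behind a debug constant (as the advisory
// notes for WPBRIGADE_SDK__DEV_MODE) limits exposure but is not a CSRF defence.
function insecure_set_option() {
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    $name  = sanitize_key( $_POST['option_name'] ?? '' );
    $value = sanitize_text_field( wp_unslash( $_POST['option_value'] ?? '' ) );
    update_option( $name, $value ); // arbitrary option write on behalf of the victim
    wp_send_json_success();
}

// HARDENED pattern: require a nonce bound to this action and this user (which a
// cross-origin attacker cannot read), require the capability the change needs,
// and restrict writes to the options this feature is allowed to touch.
function secure_set_option() {
    // check_ajax_referer() runs wp_verify_nonce() on the 'nonce' request field and
    // terminates with HTTP 403 if it is absent or not valid for 'myplugin_set_option'.
    check_ajax_referer( 'myplugin_set_option', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // Hypothetical allow-list: never let the client pick core options such as
    // default_role or users_can_register.
    $allowed = array( 'myplugin_logo_url', 'myplugin_background_color' );
    $name    = sanitize_key( $_POST['option_name'] ?? '' );
    if ( ! in_array( $name, $allowed, true ) ) {
        wp_send_json_error( 'option not allowed', 400 );
    }
    $value = sanitize_text_field( wp_unslash( $_POST['option_value'] ?? '' ) );
    update_option( $name, $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_myplugin_set_option', 'secure_set_option' );

// The matching nonce is handed to the plugin's own admin-page script server-side,
// so only a page rendered for this logged-in user can make a valid request:
function myplugin_enqueue_admin_script() {
    wp_enqueue_script( 'myplugin-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'myplugin-admin', 'myplugin', array(
        'ajax_url' => admin_url( 'admin-ajax.php' ),
        'nonce'    => wp_create_nonce( 'myplugin_set_option' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'myplugin_enqueue_admin_script' );
```

The nonce check alone stops the cross-site request; the capability check and allow-list are what keep a future logic bug in the same handler from turning into a privilege escalation again.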
Vulnerable Product | Description
---|---
hiddenpearls loginpress | wp-login custom login page customizer