Skip to main content

Clean Login CVE-2026-54184

| EUVDEUVD-2026-37629 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-17 Patchstack
8.2
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
vuln.today AI
8.2 HIGH

WordPress plugin endpoint reachable over HTTP without auth or interaction (AV:N/AC:L/PR:N/UI:N); IDOR lets attacker tamper with plugin-managed records (I:L) and break login (A:H), no data disclosure stated (C:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 11:59 vuln.today

DescriptionCVE.org

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.

AnalysisAI

Insecure direct object reference in the Clean Login WordPress plugin versions 1.15 and earlier allows remote unauthenticated attackers to manipulate object identifiers to modify data they should not control and to disrupt plugin-managed functionality. The flaw is reported by Patchstack and tagged as an authentication bypass affecting Alberto Hornero's Clean Login plugin, with no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running Clean Login ≤1.15
Delivery
Probe plugin endpoint for ID parameter
Exploit
Send crafted request with target object ID
Execution
Bypass authorization check (CWE-639)
Persist
Modify or destroy account records
Impact
Deny login service to legitimate users

Vulnerability AssessmentAI

Exploitation Target site must run WordPress with the Clean Login plugin by Alberto Hornero installed and active at version 1.15 or earlier, and the vulnerable plugin endpoint (front-end login/registration/account-management page or its AJAX/REST handler) must be reachable by the attacker over the network. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N is consistent with a remote, unauthenticated WordPress endpoint reachable over HTTP(S), and the U scope with C:N/I:L/A:H implies the impact is constrained to objects managed by the plugin itself rather than the whole WordPress installation - most plausibly the ability to alter or destroy user account records, password-reset tokens, or registration data, leading to lockouts or denial of login functionality. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker enumerates or guesses identifiers used by a Clean Login endpoint (e.g. a user ID, account record, or password-reset token parameter) and issues crafted HTTP requests to the plugin's front-end or AJAX handler. …
Remediation No vendor-released patch identified at time of analysis; the input lists only the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/clean-login/vulnerability/wordpress-clean-login-plugin-1-15-insecure-direct-object-references-idor-vulnerability) and no fix version, so administrators should monitor that page and the plugin's WordPress.org repository for a release greater than 1.15 and upgrade as soon as it ships. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit installed WordPress plugins across all systems; identify instances running Clean Login version ≤1.15; review access logs for suspicious activity targeting plugin endpoints. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54184 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy