Skip to main content

Clean Login

3 CVEs product

Monthly

CVE-2026-54184 HIGH This Week

Insecure direct object reference in the Clean Login WordPress plugin versions 1.15 and earlier allows remote unauthenticated attackers to manipulate object identifiers to modify data they should not control and to disrupt plugin-managed functionality. The flaw is reported by Patchstack and tagged as an authentication bypass affecting Alberto Hornero's Clean Login plugin, with no public exploit identified at time of analysis. CVSS 3.1 rates it 8.2 due to the network-reachable, no-privileges, no-interaction vector with limited integrity impact and high availability impact.

Authentication Bypass Clean Login
NVD VulDB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-8252 HIGH POC PATCH This Week

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP WordPress RCE LFI Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2017-8875 MEDIUM POC This Month

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Clean Login
NVD
CVSS 3.0
6.5
EPSS
0.1%
EPSS 0% CVSS 8.2
HIGH This Week

Insecure direct object reference in the Clean Login WordPress plugin versions 1.15 and earlier allows remote unauthenticated attackers to manipulate object identifiers to modify data they should not control and to disrupt plugin-managed functionality. The flaw is reported by Patchstack and tagged as an authentication bypass affecting Alberto Hornero's Clean Login plugin, with no public exploit identified at time of analysis. CVSS 3.1 rates it 8.2 due to the network-reachable, no-privileges, no-interaction vector with limited integrity impact and high availability impact.

Authentication Bypass Clean Login
NVD VulDB
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP WordPress RCE +3
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Clean Login
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy