Skip to main content

Loginpress

4 CVEs product

Monthly

CVE-2022-41839 MEDIUM This Month

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Loginpress
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-0347 MEDIUM POC This Month

The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Loginpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-15872 CRITICAL POC Act Now

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Loginpress
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-15871 MEDIUM POC This Month

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Loginpress
NVD
CVSS 3.0
4.3
EPSS
0.9%
EPSS 0% CVSS 5.3
MEDIUM This Month

Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Loginpress
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Loginpress
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Loginpress
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Loginpress
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy