Skip to main content

Loginpress Pro

1 CVEs product

Monthly

CVE-2026-49058 CRITICAL Act Now

Unauthenticated privilege escalation in LoginPress Pro WordPress plugin versions 6.2.2 and earlier allows remote attackers without credentials to elevate privileges on affected WordPress sites. Reported by Patchstack with a CVSS 9.8 critical rating, the flaw maps to CWE-266 (Incorrect Privilege Assignment) and no public exploit identified at time of analysis. Given the plugin's role in customizing WordPress login flows, a successful attacker could obtain administrator-level access to the underlying site.

Privilege Escalation Loginpress Pro
NVD
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated privilege escalation in LoginPress Pro WordPress plugin versions 6.2.2 and earlier allows remote attackers without credentials to elevate privileges on affected WordPress sites. Reported by Patchstack with a CVSS 9.8 critical rating, the flaw maps to CWE-266 (Incorrect Privilege Assignment) and no public exploit identified at time of analysis. Given the plugin's role in customizing WordPress login flows, a successful attacker could obtain administrator-level access to the underlying site.

Privilege Escalation Loginpress Pro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy