Skip to main content

Loginwp

2 CVEs product

Monthly

CVE-2021-24939 MEDIUM POC This Month

The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Loginwp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-15115 HIGH This Week

The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Loginwp
NVD
CVSS 3.0
8.8
EPSS
0.7%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Loginwp
NVD WPScan
EPSS 1% CVSS 8.8
HIGH This Week

The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Loginwp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy