EUVD-2025-206542

The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...

CVE-2025-14975 Custom Login Page Customizer < 2.5.4 - Unauthenticated Arbitrary Password Reset

The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...

PT-2026-5248

Name of the Vulnerable Software and Affected Versions Custom Login Page Customizer WordPress plugin versions prior to 2.5.4 Description The software does not have a secure password reset process. Unauthenticated users can reset the password of any user, including administrators, by knowing their...

EUVD-2025-204230

Missing Authorization vulnerability in A WP Life Login Page Customizer Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer Customizer Login Page, Admin Page, Custom...

CVE-2025-49902

Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page,...

CVE-2025-49902

Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page,...

CVE-2025-49902 WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Login Page Customizer Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer Customizer Login Page, Admin Page, Custom...

CVE-2025-49902 WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page,...

WordPress plugin Login Page Customizer – Customizer Login Page, Admin Page, Custom Design 安全漏洞

...

CVE-2024-6554 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure

The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.18. This is due the plugin utilizing composer without preventing direct access to the files. This makes it possible for...

WordPress Custom Login Page Customizer Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software Custom Login Page Customizer Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 73bc975e043e Credits Rafie Muhammad...

WordPress Custom Login Page Customizer plugin <= 2.1.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Custom Login Page Customizer plugin versions = 2.1.7. Solution Update the WordPress Custom Login Page Customizer Plugin for WooCommerce plugin to the latest available version at least 2.1.8...

WordPress Custom Login Page Customizer plugin <= 2.1.7 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Custom Login Page Customizer plugin versions = 2.1.7. Solution Update the WordPress Custom Login Page Customizer Plugin for WooCommerce plugin to the latest available version at least 2.1.8...