9 matches found
CVE-2026-1088
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...
CVE-2026-1088
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...
CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...
CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...
CVE-2026-1088
CVE-2026-1088 affects the WordPress plugin Login Page Editor (≤1.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the devotion_loginform_process() AJAX action, enabling unauthenticated attackers to update login-page settings if a site administrator is tricke...
CVE-2026-1088
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...
WordPress Login Page Editor plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Login Page Editor versions = 1.2...
WordPress Plugin Login Page Editor Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4583
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion loginform process AJAX action. This makes it possible for unauthenticated attackers to update the plugin's logi...