Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.17 views

CVE-2026-1088

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 8:16 a.m.6 views

CVE-2026-1088

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.34 views

CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS0.00154EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.5 views

CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.8AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 7:26 a.m.10 views

CVE-2026-1088

CVE-2026-1088 affects the WordPress plugin Login Page Editor (≤1.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the devotion_loginform_process() AJAX action, enabling unauthenticated attackers to update login-page settings if a site administrator is tricke...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.3 views

CVE-2026-1088

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.8AI score0.00154EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/24 5:35 a.m.9 views

WordPress Login Page Editor plugin <= 1.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Login Page Editor versions = 1.2...

4.3CVSS5.5AI score0.00154EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.6 views

WordPress Plugin Login Page Editor Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.10 views

PT-2026-4583

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion loginform process AJAX action. This makes it possible for unauthenticated attackers to update the plugin's logi...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References4
Rows per page
Query Builder