184 matches found

Packet Storm
added 6 days ago, 27 views

WordPress Temporary Login 1.0.0 Authentication Bypass

WordPress Temporary Login plugin versions 1.0.0 and below suffer from an authentication bypass vulnerability. Exploit Title: Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage...

CVSS 9.8, AI score 5.8, EPSS 0.05917
Exploits: 3

Github Security Blog
added 2026/05/05 9:26 p.m., 8 views

Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of groups/access

Bug Report: Registration Privilege Escalation via Missing Server-Side Validation of groups/access Summary The Login::register method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enable...

CVSS 9.4, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 5, Affected Software: 1

Patchstack
added 2026/05/05 10:14 a.m., 9 views

WordPress Temporary Login plugin <= 1.0.0 - Authentication Bypass to Account Takeover vulnerability

Authentication Bypass to Account Takeover vulnerability discovered by TANG Cheuk Hei siunam in WordPress Plugin Temporary Login versions <= 1.0.0...

CVSS 9.8, AI score 5.8, EPSS 0.05917
Exploits: 3, References: 1, Affected Software: 1

Positive Technologies
added 2026/05/05 12:0 a.m., 7 views

PT-2026-37279

Name of the Vulnerable Software and Affected Versions Grav version 1.8.0-beta.29 Login Plugin versions prior to 3.8.2 Description A missing server-side validation issue exists in the Login::register function of the Login plugin. When user registration is enabled and the groups or access fields ar...

CVSS 9.4, AI score 6.5, EPSS 0.00023
Exploits: 0, References: 7

NVD
added 2026/05/01 10:15 a.m., 1 views

CVE-2026-7567

The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybelogintemporaryuser function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before...

CVSS 9.8, EPSS 0.05917
Exploits: 3, References: 7

CVE
added 2026/02/20 3:46 p.m., 5 views

CVE-2025-68844

CVE-2025-68844 : Reflected Cross-Site Scripting in WordPress Membee Login widget (membees-member-login-widget) affecting Membee Login versions up to 2.3.6 due to improper input handling during web page generation. The Red Hat and Patchstack entries corroborate the same vulnerability in Membee Login

CVSS 7.1, AI score 5.5, EPSS 0.00045
Exploits: 0, References: 1

RedhatCVE
added 2026/01/18 9:18 a.m., 5 views

CVE-2025-10484

The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the fmalwpsetsessionphpfun...

CVSS 9.8, AI score 5.9, EPSS 0.0052
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:32 a.m., 4 views

CVE-2023-25968

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin = 1.1.8 versions...

CVSS 8.8, AI score 7.1, EPSS 0.00106
Exploits: 0, References: 1

RedHat Linux
added 2025/11/06 5:5 a.m., 3 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

CVSS 8.8, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 6

RedhatCVE
added 2025/10/16 8:33 a.m., 2 views

CVE-2025-11177

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, AI score 6.9, EPSS 0.00153
Exploits: 0, References: 1

NVD
added 2025/10/15 9:15 a.m., 3 views

CVE-2025-11196

The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.11.2 due to the 'exlogtestconnection' AJAX action lacking capability checks or nonce validation. This makes it possible for authenticated attackers, with subscriber-leve...

CVSS 4.3, EPSS 0.00047
Exploits: 0, References: 4

CVE
added 2025/10/15 8:26 a.m., 13 views

CVE-2025-11196

The CVE-2025-11196 issue affects the WordPress External Login plugin (versions up to 1.11.2). The vulnerability is due to the exlog_test_connection AJAX action lacking capability checks or nonce validation, enabling authenticated users with subscriber-level access and above to query the external ...

CVSS 4.3, AI score 5.2, EPSS 0.00047
Exploits: 0, References: 4

Cvelist
added 2025/10/15 8:25 a.m., 4 views

CVE-2025-10140 Quick Social Login <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, EPSS 0.00032
Exploits: 0, References: 3

Vulnrichment
added 2025/10/15 8:25 a.m., 5 views

CVE-2025-11177 External Login <= 1.11.2 - Unauthenticated SQL Injection via log

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, AI score 6.5, EPSS 0.00153
Exploits: 0, References: 2

EUVD
added 2025/10/15 8:25 a.m., 2 views

EUVD-2025-34559

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, AI score 6.5, EPSS 0.00153
Exploits: 0, References: 3

Patchstack
added 2025/10/08 1:27 p.m., 2 views

WordPress Password only login plugin <= 0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Password only login versions <= 0.2...

CVSS 7.1, AI score 6.1, EPSS 0.0003
Exploits: 0, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-11105

Malware in sbrugna...

CVSS 4.8, AI score 5.1, EPSS 0.00201
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-9176

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.0019
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-9338

Malware in sbrugna...

CVSS 8.8, AI score 8.6, EPSS 0.00382
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-17816

Malware in sbrugna...

CVSS 6.5, AI score 6.6, EPSS 0.00133
Exploits: 2, References: 3