101 matches found
WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability
Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...
WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability
Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...
WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability
Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...
EUVD-2026-42759
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...
EUVD-2026-42758
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...
EUVD-2026-42760
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...
CVE-2026-12595
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...
CVE-2026-12597
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...
CVE-2026-12598
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...
CVE-2026-12595 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via Discord OAuth Callback
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...
CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...
CVE-2026-12598
CVE-2026-12598 affects the LoginPress Pro WordPress plugin (≤ 6.2.3) via the Spotify Social Login addon. The vulnerability arises because loginpress_on_spotify_login() trusts the unverified email from Spotify’s /v1/me endpoint and uses that email with get_user_by('email') to identify/login an exi...
CVE-2026-12595
CVE-2026-12595 concerns the LoginPress Pro WordPress plugin. It enables an unauthenticated attacker to bypass authentication via an unverified Discord email. The flaw resides in the loginpress_on_discord_login() OAuth callback handler, which accepts the email from Discord’s /users/@me response wi...
CVE-2026-12597
Summary (CVE-2026-12597) : The LoginPress Pro WordPress plugin (versions up to and including 6.2.3) contains an authentication bypass via the GitHub OAuth callback. The flaw resides in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) from Git...
CVE-2026-12597 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via GitHub OAuth Callback
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...
EUVD-2026-37613
Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...
CVE-2026-49058
Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...
CVE-2026-49058
CVE-2026-49058 affects WordPress LoginPress Pro plugin versions
CVE-2026-49058 WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...
WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by wackydawg in WordPress Plugin LoginPress Pro versions = 6.2.2...