Lucene search
K

101 matches found

Patchstack
Patchstack
added 2 days ago7 views

WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...

8.1CVSS5.9AI score0.00422EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago9 views

WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2 days ago8 views

WordPress LoginPress Pro plugin <= 6.2.3 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin LoginPress Pro versions = 6.2.3...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-42759

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42758

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...

8.1CVSS6AI score0.00422EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42760

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-12595

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-12597

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...

8.1CVSS0.00422EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-12598

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-12595 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via Discord OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-12598 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email in Spotify OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpressonspotifylogin function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it...

8.1CVSS0.00347EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-12598

CVE-2026-12598 affects the LoginPress Pro WordPress plugin (≤ 6.2.3) via the Spotify Social Login addon. The vulnerability arises because loginpress_on_spotify_login() trusts the unverified email from Spotify’s /v1/me endpoint and uses that email with get_user_by('email') to identify/login an exi...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References2
CVE
CVE
added 3 days ago11 views

CVE-2026-12595

CVE-2026-12595 concerns the LoginPress Pro WordPress plugin. It enables an unauthenticated attacker to bypass authentication via an unverified Discord email. The flaw resides in the loginpress_on_discord_login() OAuth callback handler, which accepts the email from Discord’s /users/@me response wi...

8.1CVSS5.9AI score0.00347EPSS
Exploits0References2
CVE
CVE
added 3 days ago7 views

CVE-2026-12597

Summary (CVE-2026-12597) : The LoginPress Pro WordPress plugin (versions up to and including 6.2.3) contains an authentication bypass via the GitHub OAuth callback. The flaw resides in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) from Git...

8.1CVSS6AI score0.00422EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-12597 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via GitHub OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpressongithublogin function, which blindly trusts the first element profile0'email' of the array returned by...

8.1CVSS0.00422EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37613

Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...

9.8CVSS5.2AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-49058

Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...

9.8CVSS0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.17 views

CVE-2026-49058

CVE-2026-49058 affects WordPress LoginPress Pro plugin versions

9.8CVSS5.2AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.34 views

CVE-2026-49058 WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...

9.8CVSS0.00321EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/08 1:1 p.m.9 views

WordPress LoginPress Pro plugin <= 6.2.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by wackydawg in WordPress Plugin LoginPress Pro versions = 6.2.2...

9.8CVSS5.5AI score0.00321EPSS
Exploits0Affected Software1
Rows per page
Query Builder