Lucene search
K

101 matches found

NVD
NVD
added 2025/03/14 6:15 a.m.10 views

CVE-2025-1764

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

7.5CVSS0.00203EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/14 5:24 a.m.9 views

CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

7.5CVSS7.5AI score0.00203EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/14 5:24 a.m.13 views

CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

7.5CVSS0.00203EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/14 12:0 a.m.4 views

WordPress plugin LoginPress 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

7.5CVSS8.7AI score0.00203EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/03/13 5:29 p.m.5 views

WordPress LoginPress plugin <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update vulnerability

Cross-Site Request Forgery to Arbitrary Options Update vulnerability discovered by Carlos Ferreira in WordPress Plugin LoginPress versions = 3.3.1...

7.5CVSS8.8AI score0.00203EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/25 11:15 a.m.21 views

CVE-2024-32676

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0...

5.3CVSS5.4AI score0.0043EPSS
Exploits0References1
CVE
CVE
added 2024/04/25 10:43 a.m.101 views

CVE-2024-32676

The CVE-2024-32676 entry concerns LoginPress Pro prior to version 3.0.0, with documented details in connected sources indicating a Captcha Bypass in LoginPress Pro (|Captcha Bypass|) and related authorization issues. The vulnerability is categorized as Improper Restriction of Excessive Authentica...

5.3CVSS6.8AI score0.0043EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/25 10:43 a.m.29 views

CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0...

5.3CVSS5.6AI score0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/25 10:43 a.m.19 views

CVE-2024-32676 WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0...

5.3CVSS7AI score0.0043EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.30 views

LoginPress Pro < 3.0.0 - Captcha Bypass

Description The plugin is vulnerable to Bypass, allowing unauthenticated attackers to bypass the Captcha Verification...

5.3CVSS5.3AI score0.0043EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.14 views

LoginPress Pro < 3.0.0 - Unauthenticated License Activation/Deactivation

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attacks to activate and deactivate licenses...

6.5CVSS6.4AI score0.00531EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.4 views

WordPress plugin LoginPress Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.9AI score0.0043EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.4 views

PT-2024-24761 · Unknown · Loginpress Pro

Name of the Vulnerable Software and Affected Versions: LoginPress Pro versions prior to 3.0.0 Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts, which allows for the removal of important client functionality. Recommendations: For versions prior to...

5.3CVSS6.9AI score0.0043EPSS
Exploits0References4
NVD
NVD
added 2024/04/24 4:15 p.m.16 views

CVE-2024-32677

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0...

5.3CVSS6.5AI score0.00531EPSS
Exploits0References1
CVE
CVE
added 2024/04/24 3:24 p.m.73 views

CVE-2024-32677

CVE-2024-32677 affects LoginPress Pro (before 3.0.0). The Red Hat and Wordfence references describe a Missing Authorization to License Status Update vulnerability in LoginPress Pro; no exploit, impact, or remediation details are provided in the connected documents.

6.5CVSS5.2AI score0.00531EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/24 3:24 p.m.31 views

CVE-2024-32677 WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0...

5.3CVSS6.7AI score0.00531EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/24 3:24 p.m.14 views

CVE-2024-32677 WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0...

6.5CVSS6.9AI score0.00531EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/24 12:0 a.m.4 views

PT-2024-24762 · Unknown · Loginpress Pro

Name of the Vulnerable Software and Affected Versions: LoginPress Pro versions prior to 3.0.0 Description: The issue is related to a Missing Authorization vulnerability in LoginPress Pro. Recommendations: For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue...

6.5CVSS6.7AI score0.00531EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/24 12:0 a.m.6 views

WordPress plugin LoginPress Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.7AI score0.00531EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/04/17 11:6 a.m.5 views

WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability

Unauth. License Activation/Deactivation vulnerability discovered by Dave Jong Patchstack in WordPress Plugin LoginPress Pro versions 3.0.0...

6.5CVSS7AI score0.00531EPSS
Exploits0Affected Software1
Rows per page
Query Builder