Lucene search
K

101 matches found

Prion
Prion
added 2022/03/07 9:15 a.m.24 views

Cross site scripting

The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.1AI score0.00788EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/03/07 8:16 a.m.19 views

CVE-2022-0347 LoginPress < 1.5.12 - Reflected Cross-Site Scripting

The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00788EPSS
Exploits2References1
CVE
CVE
added 2022/03/07 8:16 a.m.99 views

CVE-2022-0347

CVE-2022-0347 affects the LoginPress | Custom Login Page Customizer WordPress plugin prior to 1.5.12. The root cause is that the redirect-page parameter is not escaped before being output in an attribute, enabling a Reflected Cross-Site Scripting attack. This can allow an attacker to inject JavaS...

6.1CVSS6AI score0.00788EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.15 views

WordPress的LoginPress | Custom Login Page Customizer插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress LoginPress Plugin versions prior to 1.5.12, which ste...

6.1CVSS5.6AI score0.00788EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.136 views

LoginPress < 1.5.12 - Reflected Cross-Site Scripting

The plugin does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS1.4AI score0.00788EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/02/14 12:0 a.m.20 views

LoginPress < 1.5.12 - Reflected Cross-Site Scripting

The plugin does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS0.7AI score0.00788EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2019/09/12 12:0 a.m.36 views

WordPress LoginPress Plugin < 1.1.4 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113514";...

9.8CVSS5.7AI score0.02212EPSS
Exploits2References2
CNVD
CNVD
added 2019/09/05 12:0 a.m.2 views

WordPress LoginPress Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.LoginPress is a login page customization plugin used in it. A SQL injection vulnerability exists in WordPress LoginPress plugin version...

9.8CVSS8AI score0.02212EPSS
Exploits1References1
CNVD
CNVD
added 2019/09/05 12:0 a.m.2 views

WordPress LoginPress Plugin Authorization Issue Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.LoginPress is a login page customization plugin used in it. An authorization issue vulnerability exists in the WordPress LoginPress...

4.3CVSS6.7AI score0.00889EPSS
Exploits1References1
OSV
OSV
added 2019/09/03 1:15 p.m.4 views

CVE-2019-15872

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...

9.8CVSS7.4AI score0.02212EPSS
Exploits1References2
NVD
NVD
added 2019/09/03 1:15 p.m.24 views

CVE-2019-15872

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...

9.8CVSS10AI score0.02212EPSS
Exploits1References2
OSV
OSV
added 2019/09/03 1:15 p.m.5 views

CVE-2019-15871

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...

4.3CVSS6.1AI score0.00889EPSS
Exploits1References2
NVD
NVD
added 2019/09/03 1:15 p.m.25 views

CVE-2019-15871

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...

4.3CVSS4.7AI score0.00889EPSS
Exploits1References2
Prion
Prion
added 2019/09/03 1:15 p.m.12 views

Design/Logic Flaw

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...

4CVSS4.8AI score0.00889EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/09/03 1:15 p.m.16 views

Sql injection

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...

7.5CVSS9.9AI score0.02212EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/09/03 12:19 p.m.81 views

CVE-2019-15871

CVE-2019-15871 affects the WordPress LoginPress plugin prior to version 1.1.4. The root cause is a missing capability check for updates to settings, enabling unauthorized actions related to configuration changes. Public references confirm the issue in/LoginPress plugin and echo the need for a ven...

4.3CVSS5.6AI score0.00889EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/09/03 12:19 p.m.19 views

CVE-2019-15871

The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...

5.7AI score0.00889EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/09/03 12:17 p.m.19 views

CVE-2019-15872

The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...

10AI score0.02212EPSS
Exploits1References2
CVE
CVE
added 2019/09/03 12:17 p.m.83 views

CVE-2019-15872

CVE-2019-15872 affects the WordPress LoginPress plugin prior to version 1.1.4, with a SQL injection via an import of settings. The NVD entry rates CVSSv3 as 9.8 (CRITICAL) and CVSSv2 as 7.5 (HIGH). Multiple sources corroborate: vulnerability in LoginPress

9.8CVSS9.9AI score0.02212EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/11/29 12:0 a.m.23 views

LoginPress <= 1.1.15 - Authenticated Blind SQL Injection

Blind time-based SQL injection, combined with lack of permission check resulted in an unauthorised attack which can be performed by any user on the site including subscriber profiles. 1. Lack of permission check in settings import Similar to our recent analysis, this vulnerability was also caused...

0.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder