EUVD-2026-37629

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

CVE-2026-54184

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

CVE-2026-54184 WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Clean Login = 1.15 versions...

CVE-2026-54184

The CVE concerns WordPress plugin Clean Login prior to or up to version 1.15 with an Unauthenticated Insecure Direct Object References (IDOR) vulnerability. The root cause is an IDOR issue in the plugin, potentially exposing object identifiers to unauthenticated users. CVSS 3.1 metrics indicate h...

WordPress Clean Login <= 1.14.5 Authenticated (Contributor+) - Local File Inclusion

The Clean Login plugin for WordPress up to version 1.14.5 contains a path traversal caused by the 'template' attribute in the clean-login-register shortcode, letting authenticated attackers with contributor access include and execute arbitrary files, exploit requires attacker to have contributor ...

EUVD-2017-17816

Malware in sbrugna...

EUVD-2015-9176

Malware in sbrugna...

EUVD-2022-52115

Malicious code in bioql PyPI...

CVE-2022-4838

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2015-9336

The clean-login plugin before 1.5.1 for WordPress has reflected XSS...

CVE-2024-8252

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

CVE-2024-8252

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

CVE-2024-8252

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

CVE-2024-8252

CVE-2024-8252 affects the Clean Login WordPress plugin. Local File Inclusion via the template attribute in the clean-login-register shortcode exists in all versions up to 1.14.5. Authenticated attackers with Contributor-level access can include server files and execute PHP code, potentially bypas...

WordPress Clean Login plugin <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by wesley wcraft in WordPress Plugin Clean Login versions = 1.14.5...

WordPress Clean Login Plugin <= 1.14.5 is vulnerable to Local File Inclusion

Software Clean Login Type Plugin Vulnerable versions = 1.14.5 Fixed in 1.14.6 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-8252 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID bdf0887c817a Credits wesley wcraft Required privilege Contributor...

WordPress plugin Clean Login 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-38890

Name of the Vulnerable Software and Affected Versions: Clean Login plugin for WordPress versions up to, and including, 1.14.5 Description: The Clean Login plugin for WordPress is vulnerable to Local File Inclusion via the template attribute of the clean-login-register shortcode. This allows...

CVE-2022-4838

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

Cross site scripting

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...