WordPress login_register plugin <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin loginregister versions = 1.2.0...

CVE-2026-1503

The loginregister plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0. This is due to missing nonce validation on the settings page and insufficient input sanitization and output escaping on the...

PT-2026-26811

The login register plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0. This is due to missing nonce validation on the settings page and insufficient input sanitization and output escaping on the 'login regist...

CVE-2025-14440

The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jayloginregisterprocessswitchback' function with the 'jayloginregisterprocessswitchback' cookie value. This makes...

CVE-2024-11951

CVE-2024-11951 affects the WordPress plugin “Homey Login Register.” The issue: unauthenticated users who register new accounts can set their own role, enabling privilege escalation to administrator. Affected versions: up to and including 2.4.0. Exploitation details are not provided in the initial...

PT-2025-4930 · Mohsin Khan · Wp Front-End Login/Register

Name of the Vulnerable Software and Affected Versions: Mohsin khan WP Front-end login and register versions prior to 2.1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This problem affects th...

CVE-2023-26009 WordPress Houzez Login Register plugin <= 2.6.3 - Privilege Escalation

Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3...

Directory traversal

Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a loadtemplate action to wp-admin/admin-ajax.php...

CVE-2015-4153 - WordPress zM Ajax Login &amp; Register Plugin [Local File Inclusion]

Exploit Title: CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin Local File Inclusion Date: 2015/06/01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://zanematthew.com/ Software Link:...