20 matches found
EUVD-2025-11315
Malicious code in bioql PyPI...
CVE-2025-6895 MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the getvaliduserbasedontoken function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass...
CVE-2025-6895
CVE-2025-6895 — Melapress Login Security (WordPress) is an authentication bypass vulnerability in versions 2.1.0–2.1.1. The flaw occurs in get_valid_user_based_on_token(), allowing unauthenticated attackers who know a user meta value to bypass login checks and log in as that user. Multiple connec...
WordPress plugin Melapress Login Security 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2025-30957 · WordPress · Melapress Login Security
Name of the Vulnerable Software and Affected Versions: Melapress Login Security versions 2.1.0 through 2.1.1 Description: The Melapress Login Security plugin for WordPress is susceptible to authentication bypass due to missing authorization within the get valid user based on token function. This...
WordPress MelaPress Login Security plugin 2.1.0-2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function
Authentication Bypass to Privilege Escalation via getvaliduserbasedontoken Function vulnerability discovered by kr0d in WordPress Plugin MelaPress Login Security versions 2.1.0-2.1.1...
CVE-2025-39565
Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through = 2.1.0...
CVE-2025-39565
Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through = 2.1.0...
CVE-2025-39565
CVE-2025-39565 describes a PHP Object Injection via deserialization of untrusted data in the WordPress plugin MelaPress Login Security . Affected versions are from n/a through 2.1.0. Root cause: deserializing untrusted data that can lead to object injection. Impact per sources is high (confidenti...
CVE-2025-39565 WordPress MelaPress Login Security <= 2.1.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection. This issue affects MelaPress Login Security: from n/a through 2.1.0...
CVE-2025-39565 WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through = 2.1.0...
PT-2025-16596 · Unknown · Melapress Login Security
Name of the Vulnerable Software and Affected Versions: MelaPress Login Security versions n/a through 2.1.0 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in MelaPress Login Security. Recommendations: For versions n/a through 2.1.0, update to ...
WordPress plugin MelaPress Login Security 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2025-2876
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...
CVE-2025-2876 MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...
CVE-2025-2876
CVE-2025-2876 affects MelaPress Login Security and MelaPress Login Security Premium for WordPress. Root cause: missing capability check in monitor_admin_actions in version 2.1.0, enabling unauthenticated users to delete any user. Impact from sources: data loss via unauthorized user deletion. Reme...
WordPress plugin MelaPress Login Security和WordPress plugin MelaPress Login Security Premium 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-15420 · Unknown · Melapress Login Security Premium +1
Name of the Vulnerable Software and Affected Versions: MelaPress Login Security and MelaPress Login Security Premium versions 2.1.0 Description: The issue is related to unauthorized loss of data due to a missing capability check on the monitor admin actions function. This allows unauthenticated...
CVE-2024-35650
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0...
CVE-2024-35650
The CVE CVE-2024-35650 concerns the MelaPress Login Security WordPress plugin. It is described as an authenticated (Admin+) PHP Remote File Inclusion vulnerability caused by improper control of the filename used in include/require statements. Affected software: Melapress Login Security versions u...