Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-11315

Malicious code in bioql PyPI...

7.2CVSS7.3AI score0.00799EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/26 4:25 a.m.11 views

CVE-2025-6895 MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the getvaliduserbasedontoken function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass...

9.8CVSS0.00665EPSS
Exploits0References5
CVE
CVE
added 2025/07/26 4:25 a.m.34 views

CVE-2025-6895

CVE-2025-6895 — Melapress Login Security (WordPress) is an authentication bypass vulnerability in versions 2.1.0–2.1.1. The flaw occurs in get_valid_user_based_on_token(), allowing unauthenticated attackers who know a user meta value to bypass login checks and log in as that user. Multiple connec...

9.8CVSS7AI score0.00665EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/07/26 12:0 a.m.5 views

WordPress plugin Melapress Login Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

9.8CVSS6.7AI score0.00665EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/07/26 12:0 a.m.6 views

PT-2025-30957 · WordPress · Melapress Login Security

Name of the Vulnerable Software and Affected Versions: Melapress Login Security versions 2.1.0 through 2.1.1 Description: The Melapress Login Security plugin for WordPress is susceptible to authentication bypass due to missing authorization within the get valid user based on token function. This...

9.8CVSS6.9AI score0.00665EPSS
Exploits0References9
Patchstack
Patchstack
added 2025/07/25 9:38 p.m.7 views

WordPress MelaPress Login Security plugin 2.1.0-2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function

Authentication Bypass to Privilege Escalation via getvaliduserbasedontoken Function vulnerability discovered by kr0d in WordPress Plugin MelaPress Login Security versions 2.1.0-2.1.1...

9.8CVSS6.8AI score0.00665EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/25 11:14 p.m.12 views

CVE-2025-39565

Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through = 2.1.0...

7.2CVSS7.2AI score0.00799EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 1:15 p.m.14 views

CVE-2025-39565

Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through = 2.1.0...

7.2CVSS0.00799EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 12:44 p.m.57 views

CVE-2025-39565

CVE-2025-39565 describes a PHP Object Injection via deserialization of untrusted data in the WordPress plugin MelaPress Login Security . Affected versions are from n/a through 2.1.0. Root cause: deserializing untrusted data that can lead to object injection. Impact per sources is high (confidenti...

7.2CVSS7.2AI score0.00799EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/16 12:44 p.m.17 views

CVE-2025-39565 WordPress MelaPress Login Security <= 2.1.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection. This issue affects MelaPress Login Security: from n/a through 2.1.0...

6.6CVSS7.1AI score0.00799EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/16 12:44 p.m.25 views

CVE-2025-39565 WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through = 2.1.0...

6.6CVSS0.00799EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.6 views

PT-2025-16596 · Unknown · Melapress Login Security

Name of the Vulnerable Software and Affected Versions: MelaPress Login Security versions n/a through 2.1.0 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in MelaPress Login Security. Recommendations: For versions n/a through 2.1.0, update to ...

7.2CVSS7AI score0.00799EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.5 views

WordPress plugin MelaPress Login Security 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

7.2CVSS7.1AI score0.00799EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 12:15 p.m.14 views

CVE-2025-2876

The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...

8.2CVSS0.00355EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/08 11:11 a.m.14 views

CVE-2025-2876 MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion

The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitoradminactions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user...

5.3CVSS7AI score0.00355EPSS
Exploits0References4
CVE
CVE
added 2025/04/08 11:11 a.m.79 views

CVE-2025-2876

CVE-2025-2876 affects MelaPress Login Security and MelaPress Login Security Premium for WordPress. Root cause: missing capability check in monitor_admin_actions in version 2.1.0, enabling unauthenticated users to delete any user. Impact from sources: data loss via unauthorized user deletion. Reme...

8.2CVSS7AI score0.00355EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/04/08 12:0 a.m.4 views

WordPress plugin MelaPress Login Security和WordPress plugin MelaPress Login Security Premium 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.2CVSS8.2AI score0.00355EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.6 views

PT-2025-15420 · Unknown · Melapress Login Security Premium +1

Name of the Vulnerable Software and Affected Versions: MelaPress Login Security and MelaPress Login Security Premium versions 2.1.0 Description: The issue is related to unauthorized loss of data due to a missing capability check on the monitor admin actions function. This allows unauthenticated...

8.2CVSS9.2AI score0.00355EPSS
Exploits0References12
OSV
OSV
added 2024/06/10 4:15 p.m.3 views

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0...

7.2CVSS5.8AI score0.00558EPSS
Exploits0References1
CVE
CVE
added 2024/06/10 3:43 p.m.52 views

CVE-2024-35650

The CVE CVE-2024-35650 concerns the MelaPress Login Security WordPress plugin. It is described as an authenticated (Admin+) PHP Remote File Inclusion vulnerability caused by improper control of the filename used in include/require statements. Affected software: Melapress Login Security versions u...

7.2CVSS5.9AI score0.00558EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder