PT-2026-20699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through = 5.5.4...

WordPress MelaPress Login Security Premium plugin 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary User Deletion vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin MelaPress Login Security Premium versions 2.1.0...

CVE-2025-6895

The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the getvaliduserbasedontoken function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass...

CVE-2025-3702 WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through 2.2.0...

CVE-2024-10009

The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

CVE-2024-9879

The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...