4 matches found
EUVD-2025-60954
The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclplsave functionality. This makes it possible for unauthenticated attackers to modify...
CVE-2025-12132
The CVE-2025-12132 entry concerns the WP Custom Admin Login Page Logo plugin for WordPress. A CSRF vulnerability exists in versions up to 1.4.8.4 due to missing or incorrect nonce validation on the wpclpl_save function, allowing unauthenticated attackers to modify plugin settings by tricking a si...
CVE-2025-12132 WP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update
The WP Custom Admin Login Page Logo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8.4. This is due to missing or incorrect nonce validation on the wpclplsave functionality. This makes it possible for unauthenticated attackers to modify...
WordPress WP Custom Admin Login Page Logo plugin <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WP Custom Admin Login Page Logo versions = 1.4.8.4...