CVE-2025-49902

Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page,...

WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Login Page Customizer Customizer Login Page, Admin Page, Custom Design versions = 2.1.1...

PT-2023-31704

Name of the Vulnerable Software and Affected Versions Defender Security WordPress plugin versions prior to 4.1.0 Description The issue allows an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled, due to the plugin not preventing...

WordPress Login Page Styler Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS)

Software Login Page Styler Type Plugin Vulnerable versions = 6.2 Fixed in 6.2.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46861 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c713b1568697 Credits Justiice Required...

Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter

XSS via a wle parameter associated with wp-login.php. WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...

Threat Actors Target Chinese Language News Sites

A California-based news website covering China, called China Digital Times, was targeted in a spying campaign that involved phishing lures and the use of the NetWire remote access Trojan. The attacks began in February 2017 and were part of a wider campaign of phishing, reconnaissance and malware...