Lucene search

Clean Login Security Vulnerabilities

cve

CVE-2015-9336

The clean-login plugin before 1.5.1 for WordPress has reflected XSS.

6.1CVSS

6.4AI Score

0.001EPSS

2019-08-22 01:15 PM

cve

CVE-2017-8875

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.

6.5CVSS

6.6AI Score

0.001EPSS

2017-05-10 05:29 AM

cve

CVE-2022-4838

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege u...

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-06 08:15 PM

cve

CVE-2024-8252

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and exe...

8.8CVSS

8.9AI Score

0.001EPSS

2024-08-30 10:15 AM