The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.
4.3CVSS
5.6AI Score
0.001EPSS
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.
9.8CVSS
9.9AI Score
0.002EPSS
The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
6.1CVSS
6AI Score
0.001EPSS
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings.
5.3CVSS
5.2AI Score
0.001EPSS