Clean Login Security Vulnerabilities and Issues — Clean Login CVE List

Lucene search

CodectionClean Login

4 matches found

CVE•added 2023/02/06 8:15 p.m.•57 views

CVE-2022-4838

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege u...

5.4CVSS5.3AI score0.0029EPSS

CVE•added 2019/08/22 1:15 p.m.•38 views

CVE-2015-9336

The clean-login plugin before 1.5.1 for WordPress has reflected XSS.

6.1CVSS6.4AI score0.0019EPSS

CVE•added 2024/08/30 10:15 a.m.•33 views

CVE-2024-8252

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and exe...

8.8CVSS8.9AI score0.18716EPSS

CVE•added 2017/05/10 5:29 a.m.•31 views

CVE-2017-8875

CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.

6.5CVSS6.6AI score0.00133EPSS