4 matches found
CVE-2022-4838
The CVE-2022-4838 entry concerns the WordPress plugin Clean Login before 1.13.7. The issue is a Stored XSS via shortcode attributes: the plugin does not validate and escape certain shortcode attributes before output, enabling a low-privilege user (as low as Contributor) to inject scripts that cou...
CVE-2015-9336
The CVE-2015-9336 entry concerns the WordPress plugin clean-login, prior to version 1.5.1, which has a reflected XSS vulnerability. Affected component: clean-login plugin for WordPress. Root cause: input reflected in the response without proper sanitization (XSS). Practical impact: potential exec...
CVE-2017-8875
The CVE-2017-8875 entry concerns the Clean Login plugin for WordPress prior to version 1.8. A CSRF vulnerability allows remote attackers to modify the login/logout redirect URLs. The issue targets the plugin’s CSRF protection around the redirect URL settings (as evidenced by PoC in WPEX...
CVE-2024-8252
CVE-2024-8252 affects the Clean Login WordPress plugin. Local File Inclusion via the template attribute in the clean-login-register shortcode exists in all versions up to 1.14.5. Authenticated attackers with Contributor-level access can include server files and execute PHP code, potentially bypas...