RSS   Vulnerabilities for 'Loginpress'   RSS

2022-03-07
 
CVE-2022-0347

CWE-79
 

 
The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

 
2019-09-03
 
CVE-2019-15872

CWE-89
 

 
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings.

 
 
CVE-2019-15871

CWE-275
 

 
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings.

 

 >>> Vendor: Wpbrigade 3 Products
Loginpress
Simple social media share buttons
Simple social buttons


Copyright 2022, cxsecurity.com

 

Back to Top