cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for dologin

Jun 06, 2024

DoLogin Security # CVE-2023-4800

CVE, Research URL

CVE-2023-4800

Application

DoLogin Security

Date
Oct 17, 2023
Research Description
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.
Affected versions
max 3.7.1.
Status
vulnerable

DoLogin Security # 0ce96febe7b9755fbb1e0e6afd5664058b92248c

Application

DoLogin Security

Date
Aug 21, 2023
Research Description
DoLogin Security [dologin] < 3.7. DoLogin Security <= 3.6 - IP Address Spoofing. The DoLogin Security plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 3.6. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.
Affected versions
max 3.7.
Status
vulnerable

DoLogin Security # CVE-2023-4549

CVE, Research URL

CVE-2023-4549

Application

DoLogin Security

Date
Sep 25, 2023
Research Description
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.
Affected versions
max 3.7.
Status
vulnerable

DoLogin Security # CVE-2023-4631

CVE, Research URL

CVE-2023-4631

Application

DoLogin Security

Date
Sep 25, 2023
Research Description
The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
Affected versions
max 3.7.
Status
vulnerable
Jun 10, 2024

DoLogin Security # CVE-2023-46608

CVE, Research URL

CVE-2023-46608

Application

DoLogin Security

Date
Jan 02, 2025
Research Description
Missing Authorization vulnerability in WPDO DoLogin Security dologin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DoLogin Security: from n/a through <= 3.7.1.
Affected versions
max 3.8.
Status
vulnerable
Jun 16, 2026

DoLogin Security # ec9ed021b819b9fec28c1dd4736944e0b26ef789

Application

DoLogin Security

Date
Sep 14, 2023
Research Description
DoLogin Security [dologin] < 3.7.1. DoLogin Security <= 3.7 - Missing Authorization on Dashboard Widget. The DoLogin Security plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dashboard widget in versions up to, and including, 3.7. This makes it possible for authenticated attackers to view the login attempts log.
Affected versions
max 3.7.1.
Status
vulnerable

DoLogin Security # 6bc5d02a0598a6e3d36e918308d115d43cb208f9

Application

DoLogin Security

Date
Aug 21, 2023
Research Description
DoLogin Security [dologin] < 3.7. WordPress DoLogin Security Plugin <= 3.6 is vulnerable to Bypass Vulnerability. Update the WordPress DoLogin Security plugin to the latest available version (at least 3.7). WordFence discovered and reported this Bypass Vulnerability in WordPress DoLogin Security Plugin. A bypass vulnerability could allow a malicious actor to bypass certain restrictions in the code. This vulnerability has been fixed in version 3.7.
Affected versions
max 3.7.
Status
vulnerable