Vulnerabilities and security researches formelapress-login-security melapress-login-security
Direction: ascendingJun 07, 2024
MelaPress Login Security # CVE-2024-35650
- CVE, Research URL
- Home page URL
- Application
- Date
- Jun 10, 2024
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.This issue affects MelaPress Login Security: from n/a through <= 1.3.0.
- Affected versions
-
max 1.3.1.
- Status
-
vulnerable
Apr 09, 2025
MelaPress Login Security # CVE-2025-2876
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 08, 2025
- Research Description
- The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
- Affected versions
-
max 2.1.1.
- Status
-
vulnerable
Apr 18, 2025
MelaPress Login Security # CVE-2025-39565
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 16, 2025
- Research Description
- Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0.
- Affected versions
-
max 2.1.1.
- Status
-
vulnerable
Jul 26, 2025
MelaPress Login Security # CVE-2025-6895
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 26, 2025
- Research Description
- The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.
- Affected versions
-
max 2.2.0.
- Status
-
vulnerable