cbcvebase.

Melapress Login Security vulnerabilities

4 known vulnerabilities affecting melapress/melapress_login_security.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3

Vulnerabilities

Page 1 of 1
CVE-2025-6895P2CRITICALCVSS 9.8≥ 2.1.0, ≤ 2.1.12025-07-26
CVE-2025-6895 [CRITICAL] CWE-288 CVE-2025-6895: The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to miss The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.
nvd
CVE-2025-2876P3HIGHCVSS 8.2fixed in 2.1.1v2.1.02025-04-08
CVE-2025-2876 [HIGH] CWE-862 CVE-2025-2876: The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerabl The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
nvd
CVE-2025-39565P3HIGHCVSS 7.2fixed in 2.1.1≤ 2.1.02025-04-16
CVE-2025-39565 [HIGH] CWE-502 CVE-2025-39565: Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-logi Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0.
nvd
CVE-2024-35650P3HIGHCVSS 7.2fixed in 1.3.1≤ 1.3.02024-06-10
CVE-2024-35650 [HIGH] CWE-98 CVE-2024-35650: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.This issue affects MelaPress Login Security: from n/a through <= 1.3.0.
nvd
Melapress Login Security vulnerabilities | cvebase