Unknown Dologin Security vulnerabilities
3 known vulnerabilities affecting unknown/dologin_security.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3
Vulnerabilities
CVE-2023-4800 | MEDIUM | CVSS 6.5 | CWE-425 | fixed in 3.7.1 | 2023-10-16
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.
Sources: cvelistv5, nvd
CVE-2023-4631 | MEDIUM | CVSS 5.3 | CWE-290 | fixed in 3.7 | 2023-09-25
The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing.
Sources: cvelistv5, nvd
CVE-2023-4549 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 3.7 | 2023-09-25
The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form.
Sources: cvelistv5, nvd