VYPR

Melapress Login Security

by Melapress

CVEs (4)

  • CVE-2025-6895CriJul 26, 2025
    risk 0.57cvss 9.8epss 0.01

    The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user…

  • CVE-2025-39565MedApr 16, 2025
    risk 0.43cvss 6.6epss 0.01

    Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0.

  • CVE-2024-35650MedJun 10, 2024
    risk 0.32cvss 4.9epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.This issue affects MelaPress Login Security: from n/a through <= 1.3.0.

  • CVE-2025-2876Apr 8, 2025
    risk 0.00cvss epss 0.00

    The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to…