VYPR

Wpo365 Login

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-67961MedJan 22, 2026
    risk 0.42cvss 6.4epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Marco van Wieren WPO365 wpo365-login allows Server Side Request Forgery.This issue affects WPO365: from n/a through <= 40.0.

  • CVE-2024-4706MedMay 23, 2024
    risk 0.35cvss 6.4epss 0.00

    The WordPress + Microsoft Office 365 / Azure AD | LOGIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pintra' shortcode in all versions up to, and including, 27.2 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2021-43409Nov 19, 2021
    risk 0.00cvss epss 0.01

    The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and…

  • CVE-2020-26511Oct 2, 2020
    risk 0.00cvss epss 0.02

    The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.