VYPR

External Login

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-11177HigOct 15, 2025
    risk 0.49cvss 7.5epss 0.00

    The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…

  • CVE-2025-11196MedOct 15, 2025
    risk 0.28cvss 4.3epss 0.00

    The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.11.2 due to the 'exlog_test_connection' AJAX action lacking capability checks or nonce validation. This makes it possible for authenticated attackers,…