VYPR

Clean Login

by Codection

Source repositories

CVEs (2)

  • CVE-2017-8875MedMay 10, 2017
    risk 0.42cvss 6.5epss 0.01

    CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.

  • CVE-2024-8252Aug 30, 2024
    risk 0.04cvss epss 0.03

    The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and…