VYPR
Vendor

Melapress

Products
5
CVEs
20
Across products
20
Status
Private

Products

5

Recent CVEs

20
  • CVE-2025-6895CriJul 26, 2025
    risk 0.57cvss 9.8epss 0.01

    The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user…

  • CVE-2024-2018HigApr 9, 2024
    risk 0.57cvss 8.8epss 0.01

    The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry->roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …

  • CVE-2025-14866HigJan 23, 2026
    risk 0.50cvss 8.8epss 0.00

    The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers,…

  • CVE-2024-32568HigApr 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through <= 2.6.2.

  • CVE-2023-50905HigFeb 29, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log allows Stored XSS.This issue affects WP Activity Log: from n/a through 4.6.1.

  • CVE-2025-39565MedApr 16, 2025
    risk 0.43cvss 6.6epss 0.01

    Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0.

  • CVE-2026-25331MedFeb 19, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through <= 5.5.4.

  • CVE-2025-12628MedNov 24, 2025
    risk 0.41cvss 6.3epss 0.00

    The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them

  • CVE-2025-3702MedJul 3, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Melapress Melapress File Monitor website-file-changes-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Melapress File Monitor: from n/a through < 2.2.0.

  • CVE-2022-44595MedMar 21, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.

  • CVE-2024-35650MedJun 10, 2024
    risk 0.32cvss 4.9epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.This issue affects MelaPress Login Security: from n/a through <= 1.3.0.

  • CVE-2023-6520MedJan 11, 2024
    risk 0.28cvss 4.3epss 0.00

    The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it…

  • CVE-2024-10793Nov 15, 2024
    risk 0.05cvss epss 0.01

    The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject…

  • CVE-2024-9879May 15, 2025
    risk 0.00cvss epss 0.00

    The Melapress File Monitor WordPress plugin before 2.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

  • CVE-2024-10009May 15, 2025
    risk 0.00cvss epss 0.00

    The Melapress File Monitor WordPress plugin before 2.1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

  • CVE-2025-2876Apr 8, 2025
    risk 0.00cvss epss 0.00

    The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to…

  • CVE-2025-0767Feb 27, 2025
    risk 0.00cvss epss 0.00

    WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.

  • CVE-2025-0924Feb 17, 2025
    risk 0.00cvss epss 0.01

    The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2024-10788Nov 21, 2024
    risk 0.00cvss epss 0.01

    The Activity Log – Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2022-44587Jun 21, 2024
    risk 0.00cvss epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.