| CVE-2024-54416 | WordPress Wp Login with Ajax plugin <= 0.6 - CSRF to Stored Cross-Site Scripting vulnerability | Navdeep | Wp Login with Ajax | High | 7.1 | 2024-12-16 14:13:53 | Deep Dive |
| CVE-2024-11888 | IDer Login for WordPress <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | ider | IDer Login for WordPress | Medium | 6.4 | 2024-12-14 04:23:48 | Deep Dive |
| CVE-2024-54234 | WordPress Limit Login Attempts plugin <= 5.5 - SQL Injection vulnerability | wp-buy | Limit Login Attempts | Critical | 9.3 | 2024-12-13 14:24:29 | Deep Dive |
| CVE-2024-10518 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2024-12-12 06:00:18 | Deep Dive |
| CVE-2024-10517 | ProfilePress < 4.15.15 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | 中危 | - | 2024-12-12 06:00:17 | Deep Dive |
| CVE-2024-54255 | WordPress Login Widget With Shortcode plugin <= 6.1.2 - Open Redirection vulnerability | aviplugins.com | Login Widget With Shortcode | Medium | 4.7 | 2024-12-09 11:32:02 | Deep Dive |
| CVE-2023-24375 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Broken Access Control vulnerability | miniOrange | WordPress Social Login and Register | Low | 3.5 | 2024-12-09 11:31:41 | Deep Dive |
| CVE-2023-25455 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability | miniOrange | WordPress Social Login and Register | Medium | 5.3 | 2024-12-09 11:31:33 | Deep Dive |
| CVE-2023-49859 | WordPress Login With Ajax plugin <= 4.1 - Broken Access Control vulnerability | Marcus (aka @msykes) | Login With Ajax | 中危 | - | 2024-12-09 11:30:08 | Deep Dive |
| CVE-2023-49858 | WordPress Custom Login plugin <= 4.1.0 - Broken Access Control vulnerability | Austin | Custom Login | 中危 | - | 2024-12-09 11:30:06 | Deep Dive |
| CVE-2024-11178 | Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP | india-web-developer | Login with OTP | High | 8.1 | 2024-12-06 06:48:23 | Deep Dive |
| CVE-2024-11293 | Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider | Genetech Solutions | Pie Register - Social Sites Login (Add on) | High | 8.1 | 2024-12-04 07:32:26 | Deep Dive |
| CVE-2024-11786 | Login with Vipps and MobilePay <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | wphostingdev | Login with Vipps and MobilePay | Medium | 6.4 | 2024-11-28 08:47:35 | Deep Dive |
| CVE-2024-11083 | ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.3 | 2024-11-27 05:31:54 | Deep Dive |
| CVE-2024-11818 | PHPGurukul User Registration & Login and User Management System signup.php sql injection | PHPGurukul | User Registration & Login and User Management System | High | 7.3 | 2024-11-26 23:31:05 | Deep Dive |
| CVE-2024-11817 | PHPGurukul User Registration & Login and User Management System index.php sql injection | PHPGurukul | User Registration & Login and User Management System | High | 7.3 | 2024-11-26 23:00:10 | Deep Dive |
| CVE-2024-10961 | Social Login <= 5.9.0 - Authentication Bypass via Disqus OAuth provider | claudeschlesser | Social Login | Critical | 9.8 | 2024-11-23 03:25:48 | Deep Dive |
| CVE-2024-10528 | Ultimate Member <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 4.3 | 2024-11-21 05:33:49 | Deep Dive |
| CVE-2024-9371 | Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting | wpmudev | Branda – White Label & Branding, Free Login Page Customizer | Medium | 6.1 | 2024-11-21 04:24:27 | Deep Dive |
| CVE-2024-51634 | WordPress Webriti Custom Login plugin <= 0.3 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | a.ankit | Webriti Custom Login | High | 7.1 | 2024-11-19 16:32:30 | Deep Dive |