| CVE-2024-3726 | Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode | vinod-dalvi | Login Logout Register Menu | Medium | 6.4 | 2024-05-30 02:35:09 | Deep Dive |
| CVE-2024-5150 | Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check | glboy | OTP Login With Phone Number, OTP Verification | Critical | 9.8 | 2024-05-29 02:00:37 | Deep Dive |
| CVE-2024-4544 | Pie Register - Social Sites Login (Add on) <= 1.7.7 - Authentication Bypass | Genetech Solutions | Pie Register - Social Sites Login (Add on) | Critical | 9.8 | 2024-05-24 03:30:35 | Deep Dive |
| CVE-2024-2861 | ProfilePress <= 4.15.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via ProfilePress User Panel Widget | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-23 09:32:33 | Deep Dive |
| CVE-2024-4706 | WordPress + Microsoft Office 365 / Azure AD | LOGIN <= 27.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pintra Shortcode | wpo365 | WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN) | Medium | 6.4 | 2024-05-23 07:31:26 | Deep Dive |
| CVE-2024-32507 | WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability | Hamid Alinia | Login with phone number | High | 8.8 | 2024-05-17 08:55:21 | Deep Dive |
| CVE-2023-47683 | WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability | miniOrange | WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) | High | 8.0 | 2024-05-17 08:36:38 | Deep Dive |
| CVE-2023-26009 | WordPress Houzez Login Register plugin <= 2.6.3 - Privilege Escalation | Favethemes | Houzez Login Register | Critical | 9.8 | 2024-05-17 06:40:58 | Deep Dive |
| CVE-2024-34419 | WordPress Configure Login Timeout plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | Nathan Vonnahme | Configure Login Timeout | Medium | 5.9 | 2024-05-09 11:31:05 | Deep Dive |
| CVE-2024-32674 | WordPress Plugin Heator Social Login 跨站脚本漏洞 | Heateor | Heateor Social Login WordPress | - | - | 2024-05-08 03:37:49 | Deep Dive |
| CVE-2024-34371 | WordPress Login with phone number plugin <= 1.7.18 - Broken Access Control vulnerability | Hamid Alinia | Login with phone number | Medium | 4.3 | 2024-05-06 19:04:13 | Deep Dive |
| CVE-2024-33918 | WordPress AJAX Login and Registration modal popup + inline form plugin <= 2.23 - Cross Site Scripting (XSS) vulnerability | Maxim K | AJAX Login and Registration modal popup + inline form | Medium | 5.9 | 2024-05-03 07:16:36 | Deep Dive |
| CVE-2024-33932 | WordPress Login Logout Register Menu plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | Vinod Dalvi | Login Logout Register Menu | Medium | 6.5 | 2024-05-03 07:08:57 | Deep Dive |
| CVE-2024-2417 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | High | 8.8 | 2024-05-02 16:52:42 | Deep Dive |
| CVE-2024-2765 | Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting | ultimatemember | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | Medium | 5.4 | 2024-05-02 16:52:22 | Deep Dive |
| CVE-2024-3295 | User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 6.5 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-2867 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.4 | 2024-05-02 16:52:05 | Deep Dive |
| CVE-2023-51484 | WordPress Login as User or Customer plugin <= 3.8 - Unauthenticated Account Takeover vulnerability | wp-buy | Login as User or Customer (User Switching) | Critical | 9.8 | 2024-04-25 08:24:44 | Deep Dive |
| CVE-2024-32525 | WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability | Theme My Login | Theme My Login | Medium | 4.3 | 2024-04-17 07:17:23 | Deep Dive |
| CVE-2024-30546 | WordPress Login With Ajax plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability | Pixelite | Login With Ajax | Medium | 4.3 | 2024-04-15 10:26:17 | Deep Dive |