| CVE-2024-12800 | IP Based Login < 2.4.1 - Admin+ Stored XSS | Unknown | IP Based Login | - | - | 2025-05-15 20:06:57 | Deep Dive |
| CVE-2025-3605 | Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover | arkenon | Login, Registration and Lost Password Blocks | Critical | 9.8 | 2025-05-09 06:42:35 | Deep Dive |
| CVE-2025-47676 | WordPress User Login History plugin <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability | Faiyaz Alam | User Login History | Medium | 6.5 | 2025-05-07 14:20:53 | Deep Dive |
| CVE-2025-47622 | WordPress Email Notification on Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | apasionados | Email Notification on Login | Medium | 5.9 | 2025-05-07 14:20:35 | Deep Dive |
| CVE-2025-47592 | WordPress Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL plugin <= 2.0.8 - Cross Site Scripting (XSS) Vulnerability | Árpád Lehel Mátyus | Terms Popup On User Login | Medium | 5.9 | 2025-05-07 14:20:24 | Deep Dive |
| CVE-2025-3766 | Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting | webfactory | Login Lockdown & Protection | Medium | 5.4 | 2025-05-07 04:22:54 | Deep Dive |
| CVE-2025-3281 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-05-06 07:24:22 | Deep Dive |
| CVE-2025-39363 | WordPress Custom Login and Registration <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability | AlphaEfficiencyTeam | Custom Login and Registration | Medium | 6.5 | 2025-05-05 06:10:51 | Deep Dive |
| CVE-2025-46535 | WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability | AlphaEfficiencyTeam | Custom Login and Registration | Medium | 5.4 | 2025-04-25 08:05:57 | Deep Dive |
| CVE-2025-46477 | WordPress WP Customize Login Page plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability | Carlo La Pera | WP Customize Login Page | Medium | 5.9 | 2025-04-24 16:09:21 | Deep Dive |
| CVE-2025-46485 | WordPress WP Customize Login Page plugin <= 1.6.5 - Broken Access Control Vulnerability | Carlo La Pera | WP Customize Login Page | Medium | 5.3 | 2025-04-24 16:09:21 | Deep Dive |
| CVE-2025-46521 | WordPress WS Force Login Page plugin <= 3.0.3 - Cross Site Scripting (XSS) Vulnerability | Silver Muru | WS Force Login Page | Medium | 5.9 | 2025-04-24 16:09:15 | Deep Dive |
| CVE-2025-39408 | WordPress BruteGuard – Brute Force Login Protection plugin <= 0.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | EverPress | BruteGuard – Brute Force Login Protection | High | 7.1 | 2025-04-24 16:08:31 | Deep Dive |
| CVE-2025-3607 | Frontend Login and Registration Blocks <= 1.0.8 - Authenticated (Subscriber+) Privilege Escalation via Password Reset | arkenon | Login, Registration and Lost Password Blocks | High | 8.8 | 2025-04-24 08:23:50 | Deep Dive |
| CVE-2025-3284 | User Registration & Membership PRO – Custom Registration Form, Login Form, and User Profile <= 5.1.3 - Cross-Site Request Forgery to User Deletion | WPEverest | User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress Plugin | Medium | 4.3 | 2025-04-19 02:22:33 | Deep Dive |
| CVE-2025-2613 | Login Manager – Design Login Page, View Login Activity, Limit Login Attempts <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via Custom URL | mehrazmorshed | Login Manager – Design Login Page, View Login Activity, Limit Login Attempts | Medium | 4.4 | 2025-04-18 01:44:11 | Deep Dive |
| CVE-2025-27333 | WordPress Protected wp-login Plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | alvego | Protected wp-login | High | 7.1 | 2025-04-17 15:47:57 | Deep Dive |
| CVE-2025-39472 | WordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerability | wpweb | WooCommerce Social Login | Medium | 4.3 | 2025-04-16 17:15:50 | Deep Dive |
| CVE-2025-39565 | WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability | Melapress | MelaPress Login Security | Medium | 6.6 | 2025-04-16 12:44:32 | Deep Dive |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 5.3 | 2025-04-12 06:37:18 | Deep Dive |