| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | wpeverest | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | Medium | 4.3 | 2025-04-12 06:37:17 | Deep Dive |
| CVE-2025-31034 | WordPress Customize Login Page plugin <= 1.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | AboZain Albanna | Customize Login Page | Medium | 4.3 | 2025-04-09 16:10:13 | Deep Dive |
| CVE-2025-32518 | WordPress ALD Login Page plugin <= 1.1 - CSRF to Stored XSS vulnerability | hossainawlad | ALD Login Page | High | 7.1 | 2025-04-09 16:09:41 | Deep Dive |
| CVE-2025-2876 | MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion | melapress | MelaPress Login Security Premium | Medium | 5.3 | 2025-04-08 11:11:32 | Deep Dive |
| CVE-2025-2836 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | Medium | 6.4 | 2025-04-04 05:22:45 | Deep Dive |
| CVE-2025-31769 | WordPress CLP – Custom Login Page by NiteoThemes plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability | NiteoThemes | CLP – Custom Login Page by NiteoThemes | Medium | 4.3 | 2025-04-01 14:51:19 | Deep Dive |
| CVE-2025-31681 | Authenticator Login - Critical - Access bypass - SA-CONTRIB-2025-009 | Drupal | Authenticator Login | 中危 | - | 2025-03-31 21:39:50 | Deep Dive |
| CVE-2025-31459 | WordPress Login Alert plugin <= 0.2.1 - CSRF to Stored XSS vulnerability | PasqualePuzio | Login Alert | High | 7.1 | 2025-03-28 11:54:10 | Deep Dive |
| CVE-2025-30890 | WordPress Login Widget for Ultimate Member plugin <= 1.1.2 - Local File Inclusion vulnerability | SuitePlugins | Login Widget for Ultimate Member | High | 7.5 | 2025-03-27 10:55:44 | Deep Dive |
| CVE-2025-30822 | WordPress Custom Login Logo Plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability | Hakik Zaman | Custom Login Logo | Medium | 4.3 | 2025-03-27 10:55:09 | Deep Dive |
| CVE-2025-23542 | WordPress RDP Linkedin Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | Robert D Payne | RDP Linkedin Login | High | 7.1 | 2025-03-26 14:24:14 | Deep Dive |
| CVE-2024-13118 | IP Based Login < 2.4.1 - Log Deletion via CSRF | Unknown | IP Based Login | 中危 | - | 2025-03-25 06:00:12 | Deep Dive |
| CVE-2025-30575 | WordPress Login Redirect plugin <= - 1.0.5 Cross Site Scripting (XSS) Vulnerability | Arefly | Login Redirect | Medium | 5.9 | 2025-03-24 13:47:08 | Deep Dive |
| CVE-2025-1764 | LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update | hiddenpearls | LoginPress | wp-login Custom Login Page Customizer | High | 7.5 | 2025-03-14 05:24:02 | Deep Dive |
| CVE-2025-2250 | WordPress Report Brute Force Attacks and Login Protection ReportAttacks Plugins <= 2.32 - Authenticated (Admin+) SQL Injection | sminozzi | ReportAttacks — Brute Force & Login Protection | Medium | 4.9 | 2025-03-13 03:21:02 | Deep Dive |
| CVE-2025-28929 | WordPress Tabbed Login Widget plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability | Vivek Marakana | Tabbed Login Widget | Medium | 6.5 | 2025-03-11 21:01:07 | Deep Dive |
| CVE-2025-28914 | WordPress wordpress login form to anywhere plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability | Ajay Sharma | wordpress login form to anywhere | Medium | 5.9 | 2025-03-11 21:01:00 | Deep Dive |
| CVE-2025-28866 | WordPress Login Logger plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability | smerriman | Login Logger | Medium | 4.3 | 2025-03-11 21:00:36 | Deep Dive |
| CVE-2024-13836 | WP Login Control <= 2.0.0 - Reflected XSS | Unknown | WP Login Control | 高危 | - | 2025-03-11 06:00:11 | Deep Dive |
| CVE-2024-11087 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass | cyberlord92 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) | High | 8.1 | 2025-03-08 07:04:55 | Deep Dive |