Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Melapress — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting Melapress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Melapress:WP Activity LogMelaPress Login SecurityWP 2FA – Two-factor authentication for WordPressWP 2FAAdmin Notices ManagerMelaPress Login Security PremiumMelapress File MonitorMelapress Role Editor
CVE IDTitleCVSSSeverityPaused
CVE-2026-25331 WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability — WP Activity LogCWE-79 6.1AIMediumAI2026-02-19
CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment — Melapress Role EditorCWE-863 8.8 High2026-01-23
CVE-2025-6895 MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function — Melapress Login SecurityCWE-288 9.8 Critical2025-07-26
CVE-2025-3702 WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability — Melapress File MonitorCWE-862 5.4 Medium2025-07-03
CVE-2025-39565 WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability — MelaPress Login SecurityCWE-502 6.6 Medium2025-04-16
CVE-2025-2876 MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion — MelaPress Login Security PremiumCWE-862 5.3 Medium2025-04-08
CVE-2025-0767 WP Activity Log 5.3.2 - Insecure deserialization — WP Activity LogCWE-502 9.8 -2025-02-27
CVE-2025-0924 WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting — WP Activity LogCWE-79 7.2 High2025-02-17
CVE-2024-10793 WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter — WP Activity LogCWE-79 7.2 High2024-11-15
CVE-2024-35650 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability — MelaPress Login SecurityCWE-98 4.9 Medium2024-06-10
CVE-2024-1717 Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval — Admin Notices ManagerCWE-862 4.3 Medium2024-06-04
CVE-2024-32568 WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability — WP 2FACWE-79 7.1 High2024-04-18
CVE-2022-44595 WordPress WP2FA plugin <= 2.2.0 - Broken Authentication vulnerability — WP 2FACWE-287 5.3 Medium2024-03-21
CVE-2023-50905 WordPress WP Activity Log plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability — WP Activity LogCWE-79 7.1 High2024-02-29
CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending — WP 2FA – Two-factor authentication for WordPressCWE-639 4.3 Medium2024-01-11
CVE-2023-6520 WP 2FA – Two-factor authentication for WordPress <= 2.5.0 - Cross-Site Request Forgery — WP 2FA – Two-factor authentication for WordPressCWE-352 4.3 Medium2024-01-11
CVE-2023-2261 WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration — WP Activity LogCWE-862 4.3 Medium2023-06-09
CVE-2023-2286 WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup — WP Activity LogCWE-352 4.3 Medium2023-06-09
CVE-2020-36716 WP Activity Log <= 4.0.1 - Missing Authorization — WP Activity LogCWE-862 7.3 High2023-06-07

This page lists every published CVE security advisory associated with Melapress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.