
cpe:2.3:a:melapress:melapress_login_security:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Melapress (7b16c59f-5102-5265-b499-38ab78b79b40)
Product: Melapress Login Security (29017f7a-da82-5c14-bbe2-9fec5f8434f2)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL: pkg:github/melapress/melapress-login-security
Source: purl2cpe
Last updated: 2026-06-01 10:17:56.119394

Vulnerability references

Identifier: CVE:CVE-2025-6895
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:43:16.617881
db.gcve.eu details:
  MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function
  CRITICAL (9.8)
  The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.
  Published: 2025-07-26T04:25:24.963Z
  Updated: 2025-07-28T18:33:26.188Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-39565
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:23:06.772079
db.gcve.eu details:
  WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability
  MEDIUM (6.6)
  Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection. This issue affects MelaPress Login Security: from n/a through <= 2.1.0.
  Published: 2025-04-16T12:44:31.718Z
  Updated: 2026-04-28T16:12:34.854Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-2876
cpeApplicability: vulnerable
Submitted: 2026-06-08 07:16:58.545137
db.gcve.eu details:
  MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion
  MEDIUM (5.3)
  The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress are vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
  Published: 2025-04-08T11:11:31.603Z
  Updated: 2025-04-08T12:59:23.581Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2024-35650
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:39:42.232592
db.gcve.eu details:
  WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability
  MEDIUM (4.9)
  Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security. This issue affects MelaPress Login Security: from n/a through <= 1.3.0.
  Published: 2024-06-10T15:43:24.549Z
  Updated: 2026-04-28T16:09:52.362Z
Rationale: Imported from gcve-enriched-dumps CVE data
