Melapress Login Security
Approved changes feed: RSS · Atom
cpe:2.3:a:melapress:melapress_login_security:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Melapress (7b16c59f-5102-5265-b499-38ab78b79b40) |
|---|---|
| Product | Melapress Login Security (29017f7a-da82-5c14-bbe2-9fec5f8434f2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/melapress/melapress-login-security |
purl2cpe | 2026-06-01 10:17:56.119394 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-6895 |
vulnerable | 2026-06-08 07:43:16.617881 |
MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function
CRITICAL (9.8)
The Melapress Login Security plugin for WordPress is vulnerable to Authentication Bypass due to missing authorization within the get_valid_user_based_on_token() function in versions 2.1.0 to 2.1.1. This makes it possible for unauthenticated attackers who know an arbitrary user meta value to bypass authentication checks and log in as that user.
Published: 2025-07-26T04:25:24.963Z
Updated: 2025-07-28T18:33:26.188Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-39565 |
vulnerable | 2026-06-08 07:23:06.772079 |
WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability
MEDIUM (6.6)
Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection.This issue affects MelaPress Login Security: from n/a through <= 2.1.0.
Published: 2025-04-16T12:44:31.718Z
Updated: 2026-04-28T16:12:34.854Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2876 |
vulnerable | 2026-06-08 07:16:58.545137 |
MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion
MEDIUM (5.3)
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
Published: 2025-04-08T11:11:31.603Z
Updated: 2025-04-08T12:59:23.581Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-35650 |
vulnerable | 2026-06-08 06:39:42.232592 |
WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability
MEDIUM (4.9)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.This issue affects MelaPress Login Security: from n/a through <= 1.3.0.
Published: 2024-06-10T15:43:24.549Z
Updated: 2026-04-28T16:09:52.362Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.