Loginwp

loginwp

Vendor: Profilepress • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24939 1Profilepress 1Loginwp Jun 17, 2026 Dec 6, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leadin...Show more The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issueShow less
CVE-2016-10925 1Profilepress 1Loginwp Nov 21, 2024 Aug 22, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.
CVE-2019-15115 1Profilepress 1Loginwp Jun 17, 2026 Aug 16, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.