Browse all 3 CVE security advisories affecting LoginPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
LoginPress is a WordPress plugin designed to customize login pages and enhance user authentication experiences. Historically, it has been susceptible to multiple security vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These issues often stem from insufficient input validation and improper access controls. The plugin currently has three CVEs on record, highlighting ongoing security concerns. While no major public incidents have been widely reported, the recurring nature of vulnerabilities in this plugin suggests that administrators should maintain vigilance, ensure timely updates, and implement additional security layers to mitigate potential risks associated with its use.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-7444 | LoginPress Pro <= 5.0.1 - Authentication Bypass via WordPress.com OAuth provider — LoginPress ProCWE-288 | 9.8 | Critical | 2025-07-18 |
| CVE-2024-32676 | WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability — LoginPress ProCWE-307 | 5.3 | Medium | 2024-04-25 |
| CVE-2024-32677 | WordPress LoginPress Pro plugin < 3.0.0 - Unauth. License Activation/Deactivation vulnerability — LoginPress ProCWE-862 | 6.5 | Medium | 2024-04-24 |
This page lists every published CVE security advisory associated with LoginPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.