melapress — Vulnerabilities & Security Advisories (19)

Browse all 19 CVE security advisories affecting melapress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Melapress is a WordPress plugin primarily used for creating and managing contact forms and subscription systems. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin's extensive functionality and integration with WordPress core have made it a target for attackers. With 19 CVEs recorded, Melapress has faced several critical security flaws that could allow unauthorized access, data theft, and website compromise. Security researchers have consistently identified input validation and sanitization weaknesses as recurring issues in the plugin's codebase.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25331 | WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability — WP Activity Log (CWE-79) | 6.5 | Medium | 2026-02-19 |
| CVE-2025-14866 | Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment — Melapress Role Editor (CWE-863) | 8.8 | High | 2026-01-23 |
| CVE-2025-6895 | MelaPress Login Security 2.1.0 - 2.1.1 - Authentication Bypass to Privilege Escalation via get_valid_user_based_on_token Function — Melapress Login Security (CWE-288) | 9.8 | Critical | 2025-07-26 |
| CVE-2025-3702 | WordPress Melapress File Monitor plugin < 2.2.0 - Broken Access Control vulnerability — Melapress File Monitor (CWE-862) | 5.4 | Medium | 2025-07-03 |
| CVE-2025-39565 | WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability — MelaPress Login Security (CWE-502) | 6.6 | Medium | 2025-04-16 |
| CVE-2025-2876 | MelaPress Login Security and MelaPress Login Security Premium 2.1.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion — MelaPress Login Security Premium (CWE-862) | 5.3 | Medium | 2025-04-08 |
| CVE-2025-0767 | WP Activity Log 5.3.2 - Insecure deserialization — WP Activity Log (CWE-502) | 9.8 | - | 2025-02-27 |
| CVE-2025-0924 | WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting — WP Activity Log (CWE-79) | 7.2 | High | 2025-02-17 |
| CVE-2024-10793 | WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter — WP Activity Log (CWE-79) | 7.2 | High | 2024-11-15 |
| CVE-2024-35650 | WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability — MelaPress Login Security (CWE-98) | 4.9 | Medium | 2024-06-10 |
| CVE-2024-1717 | Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval — Admin Notices Manager (CWE-862) | 4.3 | Medium | 2024-06-04 |
| CVE-2024-32568 | WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability — WP 2FA (CWE-79) | 7.1 | High | 2024-04-18 |
| CVE-2022-44595 | WordPress WP2FA plugin <= 2.2.0 - Broken Authentication vulnerability — WP 2FA (CWE-287) | 5.3 | Medium | 2024-03-21 |
| CVE-2023-50905 | WordPress WP Activity Log Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS) — WP Activity Log (CWE-79) | 7.1 | High | 2024-02-29 |
| CVE-2023-6506 | WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending — WP 2FA – Two-factor authentication for WordPress (CWE-639) | 4.3 | Medium | 2024-01-11 |
| CVE-2023-6520 | WP 2FA – Two-factor authentication for WordPress <= 2.5.0 - Cross-Site Request Forgery — WP 2FA – Two-factor authentication for WordPress (CWE-352) | 4.3 | Medium | 2024-01-11 |
| CVE-2023-2261 | WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration — WP Activity Log (CWE-862) | 4.3 | Medium | 2023-06-09 |
| CVE-2023-2286 | WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup — WP Activity Log (CWE-352) | 4.3 | Medium | 2023-06-09 |
| CVE-2020-36716 | WP Activity Log <= 4.0.1 - Missing Authorization — WP Activity Log (CWE-862) | 7.3 | High | 2023-06-07 |

This page lists every published CVE security advisory associated with melapress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.