Vulnerabilities > Melapress

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-15	CVE-2024-10793	Cross-site Scripting vulnerability in Melapress WP Activity LOG The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. network low complexity melapress CWE-79	6.1
2024-06-21	CVE-2022-44587	Information Exposure Through Log Files vulnerability in Melapress WP 2FA Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3. network low complexity melapress CWE-532	7.5
2024-06-10	CVE-2024-35650	Inclusion of Functionality from Untrusted Control Sphere vulnerability in Melapress Login Security Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through 1.3.0. network low complexity melapress CWE-829	7.2
2024-01-11	CVE-2023-6520	Cross-Site Request Forgery (CSRF) vulnerability in Melapress WP 2FA The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. network low complexity melapress CWE-352	4.3

Vulnerabilities > Melapress {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Melapress"}]}