Vulnerabilities > Profilepress > Loginwp > 2.8.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-06 | CVE-2021-24939 | Cross-site Scripting vulnerability in Profilepress Loginwp The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue | 4.3 |
| 2019-08-22 | CVE-2016-10925 | Cross-site Scripting vulnerability in Profilepress Loginwp The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. | 4.3 |
| 2019-08-16 | CVE-2019-15115 | Cross-Site Request Forgery (CSRF) vulnerability in Profilepress Loginwp The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. | 6.8 |