Wpdo Vulnerabilities
Comprehensive security vulnerability database for Wpdo products
2
0
2
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2023-4631 | 5.3 | This vulnerability allows an attacker to spoof their IP address when using the DoLogin Security plugin for WordPress, potentially bypassing security measures that rely on IP address verification. It occurs because the plugin improperly trusts certain headers, which can be manipulated if the attacker has access to the network or can send requests through a proxy. | wpdodologin security | Exploit Available | over 2 years agoSep 25, 2023 |
| CVE-2023-4549 | 6.1 | This vulnerability allows attackers to inject malicious scripts into the WordPress login form, potentially leading to stored cross-site scripting (XSS) attacks, which can compromise user accounts. It occurs because the DoLogin Security plugin fails to properly clean up IP addresses from the X-Forwarded-For header, and it affects versions before 3.7. | wpdodologin security | Exploit Available | over 2 years agoSep 25, 2023 |
About Wpdo Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Wpdo products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.