LoginPress Pro
cpe:2.3:a:wpbrigade:loginpress:*:*:*:*:wordpress:*:*
- <= 5.0.1
An authentication bypass vulnerability has been identified in the LoginPress Pro plugin for WordPress, affecting all versions through 5.0.1. The issue arises from inadequate verification of the user associated with a social login token, which enables unauthenticated attackers to log in as any existing user, including administrators. Exploitation is possible if the attacker knows the user's email address and the user does not have an existing account with the service providing the token.
Exploitation of this vulnerability allows for unauthorized access to user accounts, potentially including administrative accounts, depending on the targeted user.
Users are advised to update to LoginPress Pro version 5.0.2 or a newer patched version.
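For sites that cannot patch immediately and for reviewers auditing similar social login code, the following is an added example of the kind of user-to-token binding check the description says was inadequate; it is not LoginPress code and does not reproduce the plugin's logic. The user table, link map, provider name, claim names (`sub`, `email`, `email_verified`, as used in OpenID Connect) and the rule that refuses email-only matches for administrators are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: local accounts and the provider identities linked to them.
const USERS = [
    1 => ['email' => 'admin@example.test',  'role' => 'administrator'],
    2 => ['email' => 'reader@example.test', 'role' => 'subscriber'],
];
const LINKS = ['exampleidp|sub-2222' => 2]; // "provider|subject" => local user id

/**
 * Resolve the local account for a social login.
 * $claims must be the result of server-side token validation with the provider
 * (signature, issuer, audience, expiry already checked), never request parameters.
 * Returns the local user id, or null to refuse the login.
 */
function resolve_social_login(string $provider, array $claims): ?int
{
    $sub = $claims['sub'] ?? '';
    if (!is_string($sub) || $sub === '') {
        return null; // no stable provider identity to bind to
    }
    // 1. Prefer the explicit link stored when the user connected this provider.
    $linked = LINKS[$provider . '|' . $sub] ?? null;
    if ($linked !== null) {
        return $linked;
    }
    // 2. Fall back to email only when the provider vouches for the address.
    $email = $claims['email'] ?? '';
    if (($claims['email_verified'] ?? false) !== true || !is_string($email) || $email === '') {
        return null;
    }
    foreach (USERS as $id => $user) {
        if (strcasecmp($user['email'], $email) === 0) {
            // Assumed policy: privileged accounts need an explicit link, not an email match.
            return $user['role'] === 'administrator' ? null : $id;
        }
    }
    return null;
}

// Constructed cases: linked identity, unverified email, verified email, admin email.
var_dump(resolve_social_login('exampleidp', ['sub' => 'sub-2222']));
var_dump(resolve_social_login('exampleidp', ['sub' => 'sub-9', 'email' => 'reader@example.test']));
var_dump(resolve_social_login('exampleidp', ['sub' => 'sub-9', 'email' => 'reader@example.test', 'email_verified' => true]));
var_dump(resolve_social_login('exampleidp', ['sub' => 'sub-9', 'email' => 'admin@example.test', 'email_verified' => true]));
```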