Unauthorized Access Vulnerability in Custom Login Page Styler Plugin for WordPress
CVE-2024-13530

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login Url – Sign In , Sign Out
Vendor: CVE Published:; 31 January 2025

What is CVE-2024-13530?

The Custom Login Page Styler plugin for WordPress is susceptible to unauthorized access due to a missing capability check on several functions, including lps_handle_delete_all_logs() and lps_handle_end_session(). This vulnerability allows authenticated users with Subscriber-level access or higher to delete login logs and terminate user sessions. Users are advised to update their plugin to version 7.1.2 or later to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out * <= 7.1.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/login-page-sty...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 20, 2025

Credit

Youcef Hamdani

JSON

WordPress

What is CVE-2024-13530?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.