Unauthorized Access Vulnerability in Custom Login Page Styler Plugin for WordPress
CVE-2024-13530

4.3MEDIUM

Key Information:

Vendor

WordPress
Status
Login Page Styler – Custom WordPress Login Page Customizer & Security
Vendor
CVE Published:
31 January 2025

What is CVE-2024-13530?

The Custom Login Page Styler plugin for WordPress is susceptible to unauthorized access due to a missing capability check on several functions, including lps_handle_delete_all_logs() and lps_handle_end_session(). This vulnerability allows authenticated users with Subscriber-level access or higher to delete login logs and terminate user sessions. Users are advised to update their plugin to version 7.1.2 or later to mitigate these risks.

Affected Version(s)

Login Page Styler – Custom WordPress Login Page Customizer & Security 0 <= 7.1.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/login-page-sty...
https://plugins.trac.wordpress.org/browser/login-page-sty...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Youcef Hamdani
.