WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Loginpress safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Loginpress WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: loginpress
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.5.12 [CVE-2022-0347, LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter, LoginPress &lt; 1.5.12 - Reflected Cross-Site Scripting]
  • LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.1.4 [CVE-2019-15871, LoginPress | Custom Login Page Customizer <= 1.1.13 - Unauthorized Settings Update, LoginPress &lt;= 1.1.13 - Unauthorized Blind SQL Injection]
  • LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.1.16 [CVE-2019-15872, LoginPress <= 1.1.15 - Authenticated SQL Injection via Settings Import]
  • LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.6.3 [CVE-2022-41839, WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability, LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes, LoginPress &lt; 1.6.3 - Unauthenticated Settings Update]
  • LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.1.16 [LoginPress <= 1.1.15 - Authenticated Stored Cross-SIte Scripting]
+ 2 more known vulnerabilities
  • LoginPress | wp-login Custom Login Page Customizer [loginpress] < 1.1.16 [LoginPress &lt;= 1.1.15 - Authenticated Blind SQL Injection]
  • LoginPress | wp-login Custom Login Page Customizer [loginpress] < 4.0.0 [CVE-2025-1764, WordPress LoginPress Plugin <= 3.3.1 is vulnerable to Cross Site Request Forgery (CSRF), LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update, EUVD-2025-6432]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.