CVE-2026-54184

HIGH

WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability

Title source: cna
STIX 2.1

Description

Unauthenticated Insecure Direct Object References (IDOR) in Clean Login <= 1.15 versions.

Scores

CVSS v3 8.2
EPSS 0.0026
EPSS Percentile 17.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (1)
Alberto Hornero/Clean Login < 1.15
Published Jun 17, 2026
Tracked Since Jun 17, 2026