Really Simple Security logo

Log out
Get PRO

Latest

Weak configuration vulnerability in All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more. 2.0.8

  • Severity: medium-risk
  • Status: Fixed
  • Publication: October 9, 2025

The WP Admin Login Page Security and Customization plugin for WordPress, also known as the All In One Login, has a vulnerability in version 2.0.8. This vulnerability allows attackers to bypass login protection by spoofing their IP address. This is because the plugin does not properly validate IP addresses and relies on user-supplied HTTP headers to retrieve the IP address.

Detected in:

All In One Login — WP Admin Login Page Security and Customization with Google reCAPTCHA, Social Login, Limit Login Attempt, 2FA, and more. fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.