The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the toggle_auto_update
AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
limit_login_attempts_reloaded | lt | 2.25.26 |