Lucene search
K

5 matches found

Nuclei
Nuclei
added 15 hours ago52 views

Limit Login Attempts WordPress - Stored Cross-site Scripting

Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...

6.1CVSS6.4AI score0.0157EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.8 views

CVE-2021-24657

The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses which can be controlled by attacker via headers such as X-Forwarded-For of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue...

6.1CVSS6AI score0.0157EPSS
Exploits2References1
Circl
Circl
added 2021/09/20 2:26 p.m.4 views

CVE-2021-24657

creationtimestamp| type| source ---|---|--- 2021-09-20 14:26:58+00:00| seen| https://t.me/cibsecurity/29093 2025-12-12 08:35:51+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24657.yaml...

6.1CVSS6AI score0.0157EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/09/20 10:6 a.m.16 views

CVE-2021-24657 Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting

The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses which can be controlled by attacker via headers such as X-Forwarded-For of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue...

6.1AI score0.0157EPSS
Exploits2References1
CVE
CVE
added 2021/09/20 10:6 a.m.46 views

CVE-2021-24657

The CVE-2021-24657 entry concerns the Limit Login Attempts WordPress plugin prior to version 4.0.50. The issue is an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability caused by not escaping IP addresses, which can be controlled by an attacker via headers such as X-Forwarded-For, bef...

6.1CVSS6AI score0.0157EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder