5 matches found
Limit Login Attempts WordPress - Stored Cross-site Scripting
Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...
CVE-2021-24657
The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses which can be controlled by attacker via headers such as X-Forwarded-For of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue...
CVE-2021-24657
creationtimestamp| type| source ---|---|--- 2021-09-20 14:26:58+00:00| seen| https://t.me/cibsecurity/29093 2025-12-12 08:35:51+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24657.yaml...
CVE-2021-24657 Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting
The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses which can be controlled by attacker via headers such as X-Forwarded-For of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue...
CVE-2021-24657
The CVE-2021-24657 entry concerns the Limit Login Attempts WordPress plugin prior to version 4.0.50. The issue is an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability caused by not escaping IP addresses, which can be controlled by an attacker via headers such as X-Forwarded-For, bef...