3 matches found
CVE-2020-35590
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...
CVE-2020-35590
creationtimestamp | type | source
---|---|---
2020-12-21 12:51:49+00:00 | seen | https://t.me/cibsecurity/21106...
CVE-2020-35590
CVE-2020-35590 concerns the WordPress plugin limit-login-attempts-reloaded up to version 2.17.4. The vulnerability allows bypassing per-IP login rate limits by forging the X-Forwarded-For header; if the plugin is configured to accept an arbitrary header for the client source IP, an attacker can p...