5 matches found
WordPress Limit Login Attempts 1.7.1 Cross Site Scripting Vulnerability
WordPress Limit Login Attempts plugin versions 1.7.1 and below suffer from a persistent cross site scripting vulnerability. On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin...
WordPress Limit Login Attempts 1.7.1 Cross Site Scripting
On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed...
Update Now! Severe Vulnerability Impacting 600,000 Sites Patched in Limit Login Attempts
On January 26, 2023, the Wordfence team responsibly disclosed an unauthenticated stored Cross-Site Scripting vulnerability in Limit Login Attempts, a WordPress plugin installed on over 600,000 sites that provides site owners with the ability to block IP addresses that have made repeated failed...
WordPress Limit Login Attempts Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Limit Login Attempts Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1912 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 8be93eea7b1c Credits Marco Wotschka...
CVE-2023-1912
The CVE-2023-1912 entry concerns the WordPress plugin Limit Login Attempts . It describes a Stored Cross-Site Scripting (XSS) vulnerability in versions up to and including 1.7.1, caused by insufficient input sanitization and output escaping in the lock-logging feature. The flaw can allow unauthen...