Limit Login Attempts WordPress - Stored Cross-site Scripting
Limit Login Attempts WordPress plugin 4.0.50 contains a stored cross-site scripting vulnerability caused by not escaping IP addresses controlled via headers like X-Forwarded-For before outputting them in reports, letting unauthenticated attackers execute scripts in admin context. id: CVE-2021-24657 info: name:...
Limit Login Attempts - Stored Cross-Site Scripting
Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting vulnerability caused by unsanitized and unescaped settings, letting malicious administrators inject JavaScript code; exploitation requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...
EUVD-2015-6766
Malware in sbrugna...
EUVD-2021-11569
Malware in sbrugna...
EUVD-2020-23255
Malware in sbrugna...
EUVD-2012-1023
Malware in sbrugna...
EUVD-2023-24063
Malicious code in bioql PyPI...
EUVD-2024-52360
Malicious code in bioql PyPI...
EUVD-2023-59132
Malicious code in bioql PyPI...
EUVD-2022-51868
Malicious code in bioql PyPI...
CVE-2023-1861
The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks...
CVE-2022-4303
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms...
CVE-2020-35590
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of per IP address rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious...
CVE-2012-10001
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts...
CVE-2024-54234
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection. This issue affects Limit Login Attempts: from n/a through <= 5.5...
CVE-2024-54234
CVE-2024-54234 is a SQL Injection in the WordPress plugin WordPress Limit Login Attempts (Limit Login Attempts) affecting versions n/a through 5.5. Root cause: improper neutralization of SQL elements in the plugin, enabling unauthenticated SQL Injection. Public records in Patchstack and Red Hat e...
CVE-2024-54234 WordPress Limit Login Attempts plugin <= 5.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection. This issue affects Limit Login Attempts: from n/a through <= 5.5...
CVE-2024-54234 WordPress Limit Login Attempts plugin <= 5.5 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection. This issue affects Limit Login Attempts: from n/a through 5.5...
WordPress plugin Limit Login Attempts SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...