3 matches found
Cross site scripting
The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses of attempted logins, which an attacker can control via headers such as X-Forwarded-For, before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue...
PT-2021-16170
Name of the Vulnerable Software and Affected Versions: Limit Login Attempts WordPress plugin versions prior to 4.0.50
Description: The issue arises from the plugin not escaping IP addresses of attempted logins before outputting them in the reports table. This can be exploited by an attacker...
Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting
The plugin does not escape the IP addresses of attempted logins, which an attacker can control via headers such as X-Forwarded-For, before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.
PoC:
POST /wp-login.php HTTP/1.1
Accept:...