2 matches found
CVE-2024-13118
CVE-2024-13118 affects the IP Based Login WordPress plugin (version earlier than 2.4.1). The vulnerability arises from missing CSRF protections in some areas, enabling CSRF attacks that could cause logged-in users to delete logs. Red Hat and CVE records confirm this issue and indicate a fix in ve...
CVE-2024-12800
The CVE-2024-12800 entry concerns the WordPress plugin IP Based Login. Affected versions prior to 2.4.1 do not sanitize values during import, enabling Stored Cross-Site Scripting (Stored XSS) that could be exploited by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e...