Limit Login Attempts Project / Limit Login Attempts

6 matches found

CVE | added 2022/03/28 6:15 p.m. | 132 views

CVE-2022-0787

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections.

9.8 CVSS | 9.7 AI score | 0.44426 EPSS

CVE | added 2022/06/27 9:15 a.m. | 64 views

CVE-2022-1029

The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite...

4.8 CVSS | 4.9 AI score | 0.00301 EPSS

CVE | added 2023/05/02 8:15 a.m. | 64 views

CVE-2023-1861

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks.

5.4 CVSS | 5.4 AI score | 0.00093 EPSS

CVE | added 2023/04/06 3:15 p.m. | 50 views

CVE-2023-1912

The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web sc...

7.2 CVSS | 5.8 AI score | 0.00621 EPSS

CVE | added 2021/09/20 10:15 a.m. | 33 views

CVE-2021-24657

The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by an attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.

6.1 CVSS | 6 AI score | 0.05157 EPSS

CVE | added 2021/01/06 3:15 p.m. | 25 views

CVE-2012-10001

The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts.

9.8 CVSS | 9.5 AI score | 0.00771 EPSS