5 matches found
CVE-2022-0787
CVE-2022-0787 affects the WordPress plugin Limit Login Attempts (Spam Protection) prior to version 5.1. The issue is that certain parameters are not sanitized/escaped before being used in SQL statements inside unauthenticated AJAX actions, enabling SQL injection. The impact is unauthenticated acc...
CVE-2023-1861
CVE-2023-1861 affects the Limit Login Attempts WordPress plugin (versions
CVE-2023-1912
The CVE-2023-1912 entry concerns the WordPress plugin Limit Login Attempts . It describes a Stored Cross-Site Scripting (XSS) vulnerability in versions up to and including 1.7.1, caused by insufficient input sanitization and output escaping in the lock-logging feature. The flaw can allow unauthen...
CVE-2021-24657
The CVE-2021-24657 entry concerns the Limit Login Attempts WordPress plugin prior to version 4.0.50. The issue is an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability caused by not escaping IP addresses, which can be controlled by an attacker via headers such as X-Forwarded-For, bef...
CVE-2012-10001
The CVE-2012-10001 entry concerns the WordPress plugin Limit Login Attempts (before 1.7.1). The vulnerability arises because the plugin does not clear authentication cookies when a lockout occurs, potentially allowing remote attackers to continue brute-forcing authentication attempts. Affected co...