3 matches found
CVE-2022-0787
CVE-2022-0787 affects the WordPress plugin Limit Login Attempts (Spam Protection) prior to version 5.1. The issue is that certain parameters are not sanitized/escaped before being used in SQL statements inside unauthenticated AJAX actions, enabling SQL injection. The impact is unauthenticated acc...
CVE-2021-24657
The CVE-2021-24657 entry concerns the Limit Login Attempts WordPress plugin prior to version 4.0.50. The issue is an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability caused by not escaping IP addresses, which can be controlled by an attacker via headers such as X-Forwarded-For, bef...
CVE-2012-10001
The CVE-2012-10001 entry concerns the WordPress plugin Limit Login Attempts (before 1.7.1). The vulnerability arises because the plugin does not clear authentication cookies when a lockout occurs, potentially allowing remote attackers to continue brute-forcing authentication attempts. Affected co...