Lucene search
K
LimitloginattemptsLimit Login Attempts Reloaded

4 matches found

CVE
CVE
added 2024/01/11 8:32 a.m.139 views

CVE-2023-6934

The CVE-2023-6934 entry concerns the WordPress Limit Login Attempts Reloaded plugin (all versions up to 2.25.26). It is a Stored XSS where insufficient input sanitization and output escaping on shortcode attributes allows authenticated attackers with contributor-level or higher permissions to inj...

6.4CVSS5.2AI score0.0043EPSS
CVE
CVE
added 2023/11/27 4:22 p.m.111 views

CVE-2023-5525

CVE-2023-5525 affects the Limit Login Attempts Reloaded WordPress plugin prior to 2.25.26. The root cause is missing authorization on the toggle_auto_update AJAX action, allowing any user with a valid nonce to toggle the plugin’s auto-update status. Impact: potential unauthorized control of auto-...

4.3CVSS4.5AI score0.00454EPSS
Web
CVE
CVE
added 2020/12/21 6:3 a.m.73 views

CVE-2020-35589

The CVE-2020-35589 entry concerns the WordPress plugin limit-login-attempts-reloaded, specifically versions before 2.17.4. The vulnerability is a reflected XSS on wp-admin/options-general.php?page=limit-login-attempts&tab=, triggered by a crafted parameter (often via a URL). Exploitation can caus...

5.4CVSS6.3AI score0.00767EPSS
Web
CVE
CVE
added 2020/12/21 6:3 a.m.72 views

CVE-2020-35590

CVE-2020-35590 concerns the WordPress plugin limit-login-attempts-reloaded up to version 2.17.4. The vulnerability allows bypassing per-IP login rate limits by forging the X-Forwarded-For header; if the plugin is configured to accept an arbitrary header for the client source IP, an attacker can p...

9.8CVSS9.4AI score0.04348EPSS