4 matches found
CVE-2023-6934
The CVE-2023-6934 entry concerns the WordPress Limit Login Attempts Reloaded plugin (all versions up to 2.25.26). It is a Stored XSS where insufficient input sanitization and output escaping on shortcode attributes allows authenticated attackers with contributor-level or higher permissions to inj...
CVE-2023-5525
CVE-2023-5525 affects the Limit Login Attempts Reloaded WordPress plugin prior to 2.25.26. The root cause is missing authorization on the toggle_auto_update AJAX action, allowing any user with a valid nonce to toggle the plugin’s auto-update status. Impact: potential unauthorized control of auto-...
CVE-2020-35589
The CVE-2020-35589 entry concerns the WordPress plugin limit-login-attempts-reloaded, specifically versions before 2.17.4. The vulnerability is a reflected XSS on wp-admin/options-general.php?page=limit-login-attempts&tab=, triggered by a crafted parameter (often via a URL). Exploitation can caus...
CVE-2020-35590
CVE-2020-35590 concerns the WordPress plugin limit-login-attempts-reloaded up to version 2.17.4. The vulnerability allows bypassing per-IP login rate limits by forging the X-Forwarded-For header; if the plugin is configured to accept an arbitrary header for the client source IP, an attacker can p...