wpexploit / Wpvulndb / WPEX-ID:6D30DA09-DF37-49BE-BB46-0E0FEC90850F
History: Dec 14, 2020 - 12:00 a.m.

Limit Login Attempts Reloaded < 2.16.0 - Authenticated Reflected Cross-Site Scripting

2020-12-14 00:00:00
wpvulndb
security exploit
login attempts
cross-site scripting
wordpress plugin

EPSS: 0.001
Percentile: 21.4%

The plugin does not properly sanitise user input in its options page, which could allow attackers to perform XSS attacks against a logged-in administrator by making them open a malicious URL. The issue was partially fixed in 2.15.1 and fully remediated in 2.16.0.

https://example.com/wp-admin/options-general.php?page=limit-login-attempts&tab=d7raf%22%3E%3Cscript%3Ealert(1)%3C/script%3E
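
A detection sketch for requests shaped like the URL above, added here as an example and not taken from the advisory or the plugin. It assumes common log format access logs and that legitimate tab values are plain slugs; the log lines, including the "settings" tab name, are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Dec/2020:10:00:01 +0000] "GET /wp-admin/options-general.php?page=limit-login-attempts&tab=settings HTTP/1.1" 200 5120
203.0.113.9 - - [14/Dec/2020:10:02:17 +0000] "GET /wp-admin/options-general.php?page=limit-login-attempts&tab=d7raf%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5240
203.0.113.7 - - [14/Dec/2020:10:03:40 +0000] "GET /wp-admin/options-general.php?page=general&tab=%3Cb%3E HTTP/1.1" 200 4100
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate tab names are plain slugs (letters, digits, "-", "_").
SAFE_TAB_RE = re.compile(r"[A-Za-z0-9_-]*")
OPTIONS_PATH = "/wp-admin/options-general.php"
PLUGIN_PAGE = "limit-login-attempts"


def suspicious_tab(request_target):
    """Return the decoded tab value if it is not a plain slug, else None."""
    parts = urlsplit(request_target)
    if not parts.path.endswith(OPTIONS_PATH):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if PLUGIN_PAGE not in query.get("page", []):
        return None
    for value in query.get("tab", []):  # parse_qs percent-decodes once
        if not SAFE_TAB_RE.fullmatch(value):
            return value
    return None


def scan(log_text):
    """Return (client_ip, decoded_tab) for each flagged request line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_tab(match.group(1))
        if value is not None:
            hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-slug tab value: {value!r}")
```

Because the value is decoded only once, a double-encoded tab still contains "%" after decoding and is flagged as well.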
