The plugin does not properly sanitise user input in its options page, which could allow attackers to perform XSS attacks against a logged-in administrator by making them open a malicious URL. The issue was partially fixed in 2.15.1 and fully remediated in 2.16.0.
CPE

Name | Operator | Version |
---|---|---|
limit-login-attempts-reloaded | lt | 2.16.0 |