4.3
CVE-2023-5525
- EPSS 0.45%
- Veröffentlicht 27.11.2023 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:41:56
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginLimit Login Attempts Reloaded < 2.25.26 - Admin+ Missing Authorization to Toggle Plugin Auto-Update
Limit Login Attempts Reloaded <= 2.25.25 - Missing Authorization
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.
Mögliche Gegenmaßnahme
Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention: Update to version 2.25.26, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Limitloginattempts ≫ Limit Login Attempts Reloaded SwPlatformwordpress Version < 2.25.26
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention
Version
*-2.25.25
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.359 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://wpscan.com/vulnerability/654bad15-1c88-446a-b28b-5a412cc0399d
https://www.wordfence.com/threat-intel/vulnerabilities/id/1df31843-0af7-486c-b0aa-4eaf72a7e70f