Limitloginattempts

Limit Login Attempts Reloaded

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.16%
  • Published 11.01.2024 09:15:53
  • Last modified 21.11.2024 08:44:52

The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplie...

Exploit
  • EPSS 0.07%
  • Published 27.11.2023 17:15:08
  • Last modified 21.11.2024 08:41:56

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.

  • EPSS 42.85%
  • Published 21.12.2020 07:15:14
  • Last modified 21.11.2024 05:27:39

LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary head...

Exploit
  • EPSS 0.18%
  • Published 21.12.2020 07:15:13
  • Last modified 21.11.2024 05:27:39

The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is...