Medium severity5.4NVD Advisory· Published Dec 21, 2020· Updated Jun 17, 2026
CVE-2020-35589
CVE-2020-35589
Description
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <2.17.4
Patches
Vulnerability mechanics
References
2- n4nj0.github.io/advisories/wordpress-plugin-limit-login-attempts-reloaded/nvdExploitThird Party Advisory
- wordpress.org/plugins/limit-login-attempts-reloaded/nvdProductThird Party Advisory
News mentions
0No linked articles in our index yet.