Medium severity 6.1 · NVD Advisory · Published Sep 20, 2021 · Updated Jun 17, 2026
CVE-2021-24657
Description
The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses of attempted logins (which an attacker can control via headers such as X-Forwarded-For) before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.
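The two controls the description points to, validating the logged address and escaping it when the reports table is rendered, are shown below as an added example; it is not the plugin's code. The function names, the trusted-proxy list and the sample request are assumptions constructed for illustration, and `htmlspecialchars()` stands in for WordPress's `esc_html()` so the script runs outside WordPress.

```php
<?php
// Added example; function names are hypothetical and not taken from the plugin.

// Constructed sample request: the header value is client-supplied text, not an address.
$server = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '<b>not-an-ip</b>, 198.51.100.23',
];

/**
 * Return a validated client address for logging.
 * Proxy headers are only consulted when the direct peer is a trusted proxy.
 */
function client_ip_for_log(array $server, array $trusted_proxies = []): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $candidate = $peer;
    if (in_array($peer, $trusted_proxies, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        // The rightmost entry is the one appended by our own proxy.
        $parts = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = end($parts);
    }
    // Anything that does not parse as IPv4/IPv6 is never stored.
    $ip = filter_var($candidate, FILTER_VALIDATE_IP);
    return $ip === false ? 'invalid' : $ip;
}

/** Render one row of the reports table, escaping at output time. */
function render_report_row(string $ip, int $attempts): string
{
    $cell = htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('<tr><td>%s</td><td>%d</td></tr>', $cell, $attempts);
}

// Unescaped pattern the description refers to: raw header text lands in the markup.
$raw = explode(',', $server['HTTP_X_FORWARDED_FOR'])[0];
echo "unescaped: <tr><td>{$raw}</td><td>3</td></tr>\n";

// Output escaping alone neutralises the stored value ...
echo 'escaped:   ' . render_report_row($raw, 3) . "\n";

// ... and input validation keeps it out of storage in the first place.
echo 'validated: ' . render_report_row(client_ip_for_log($server), 3) . "\n";
echo 'via proxy: ' . render_report_row(client_ip_for_log($server, ['203.0.113.7']), 3) . "\n";
```

Escaping at output protects rows that were stored before validation was introduced, so both controls are worth keeping.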
Affected products
- WordPress/Limit Login Attempts plugin (description)
- Range: <4.0.50
References
- wpscan.com/vulnerability/c789ca04-d88c-4789-8be1-812888f0c8f8 (nvd: Exploit, Third Party Advisory)