VYPR

Limit Login Attempts (Spam Protection)

by WordPress

CVEs (2)

  • CVE-2022-0787CriMar 28, 2022
    risk 0.64cvss 9.8epss 0.09

    The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections

  • CVE-2022-4534MedOct 8, 2024
    risk 0.27cvss 5.3epss 0.00

    The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions.…