VYPR

Limit Login Attempts Reloaded

by WordPress

CVEs (4)

  • CVE-2020-35590 | Critical | Dec 21, 2020
    risk 0.64 | cvss 9.8 | epss 0.04

    LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP…

  • CVE-2023-6934 | Medium | Jan 11, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2020-35589 | Medium | Dec 21, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the…

  • CVE-2023-5525 | Medium | Nov 27, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.