VYPR

Limit Login Attempts

by Limit Login Attempts Project

CVEs (4)

  • CVE-2023-1912HigApr 6, 2023
    risk 0.47cvss 7.2epss 0.01

    The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2022-4532MedAug 17, 2024
    risk 0.42cvss 6.5epss 0.00

    The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions.…

  • CVE-2022-4533MedSep 19, 2024
    risk 0.34cvss 5.3epss 0.00

    The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers…

  • CVE-2022-4534MedOct 8, 2024
    risk 0.27cvss 5.3epss 0.00

    The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions.…