VYPR

Wp Limit Failed Login Attempts

by WordPress

Source repositories

CVEs (2)

  • CVE-2024-54234CriDec 13, 2024
    risk 0.60cvss 9.3epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts wp-limit-failed-login-attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through <= 5.5.

  • CVE-2022-4534MedOct 8, 2024
    risk 0.27cvss 5.3epss 0.00

    The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions.…