VYPR

Login Lockdown & Protection

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-11707MedDec 13, 2025
    risk 0.34cvss 5.3epss 0.00

    The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate…

  • CVE-2025-3766MedMay 7, 2025
    risk 0.28cvss 5.4epss 0.00

    The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level…