Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limit login attempts project limit login attempts vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-24657
The Limit Login Attempts WordPress plugin prior to 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Sc...
Limit Login Attempts Project Limit Login Attempts
NA
CVE-2023-1861
The Limit Login Attempts WordPress plugin up to and including 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
Limit Login Attempts Project Limit Login Attempts
NA
CVE-2023-1912
The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users t...
Limit Login Attempts Project Limit Login Attempts
7.5
CVSSv2
CVE-2022-0787
The Limit Login Attempts (Spam Protection) WordPress plugin prior to 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections
Limit Login Attempts Project Limit Login Attempts
5
CVSSv2
CVE-2012-10001
The Limit Login Attempts plugin prior to 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote malicious users to conduct brute-force authentication attempts.
Limit Login Attempts Project Limit Login Attempts
NA
CVE-2022-47138
Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions.
Login And Registration Attempts Limit Project Login And Registration Attempts Limit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started