Unknown Limit Login Attempts vulnerabilities
3 known vulnerabilities affecting unknown/limit_login_attempts.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: MEDIUM 3
Vulnerabilities
CVE-2023-1861 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 1.7.2 | 2023-05-02
The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated user, such as a subscriber, to perform Stored Cross-Site Scripting attacks.
cvelistv5, nvd
CVE-2022-1029 | MEDIUM | CVSS 4.8 | PoC | CWE-79 | ≥ 4.0.72, < 4.0.72 | 2022-06-27
The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in a multisite setup).
cvelistv5, nvd
CVE-2021-24657 | MEDIUM | CVSS 6.1 | PoC | CWE-79 | ≥ 4.0.50, < 4.0.50 | 2021-09-20
The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by an attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.
cvelistv5, nvd