Filtered by vendor Limit Login Attempts Project
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24657 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue. | |||||
| CVE-2012-10001 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2021-01-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. | |||||