Limit_login_attempts_project Limit_login_attempts
5 CVEs affecting Limit_login_attempts_project Limit_login_attempts. Latest disclosed: 2023-05-02. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-0787 | Critical | 9.8 | 2022-03-28 | The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJA… |
CVE-2012-10001 | Critical | 9.8 | 2021-01-06 | The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to condu… |
CVE-2023-1912 | High | 7.2 | 2023-04-06 | The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1… |
CVE-2021-24657 | Medium | 6.1 | 2021-09-20 | The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-F… |
CVE-2023-1861 | Medium | 5.4 | 2023-05-02 | The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could all… |