Limitloginattempts Limit_login_attempts_reloaded
4 CVEs affecting Limitloginattempts Limit_login_attempts_reloaded. Latest disclosed: 2024-01-11. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-35590 | Critical | 9.8 | 2020-12-21 | LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Fo… |
CVE-2023-6934 | Medium | 6.4 | 2024-01-11 | The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and in… |
CVE-2020-35589 | Medium | 5.4 | 2020-12-21 | The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user c… |
CVE-2023-5525 | Medium | 4.3 | 2023-11-27 | The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a va… |