Limitloginattempts Limit_login_attempts_reloaded

4 CVEs affecting Limitloginattempts Limit_login_attempts_reloaded. Latest disclosed: 2024-01-11. Critical: 1, High: 0.

Top CVEs affecting Limitloginattempts Limit_login_attempts_reloaded
CVESeverityScorePublishedSummary
CVE-2020-35590Critical9.82020-12-21LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Fo…
CVE-2023-6934Medium6.42024-01-11The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and in…
CVE-2020-35589Medium5.42020-12-21The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user c…
CVE-2023-5525Medium4.32023-11-27The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a va…