Vulnerability Details CVE-2023-5525
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.0%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2023-5525
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.10.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.10.1
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.11.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.12.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.12.1
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.12.2
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.12.3
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.13.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.14.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.15.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.15.1
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.15.2
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.17.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.17.1
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.17.2
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.17.3
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.17.4
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.18.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.7.4
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.8.0
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.8.1
- cpe:2.3:a:limitloginattempts:limit_login_attempts_reloaded:2.9.0