Ciphercoin: >> Wp Limit Login Attempts Security Vulnerabilities
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-23
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.
CVSS Score
7.5
EPSS Score
0.005
Published
2015-09-16