The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.
References
Link | Resource |
---|---|
https://n4nj0.github.io/advisories/wordpress-plugin-limit-login-attempts-reloaded/ | Exploit Third Party Advisory |
https://wordpress.org/plugins/limit-login-attempts-reloaded/#developers | Product Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-12-21 07:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-35589
Mitre link : CVE-2020-35589
CVE.ORG link : CVE-2020-35589
JSON object : View
Products Affected
limitloginattempts
- limit_login_attempts_reloaded
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')