CVE-2023-1861

The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
Configurations

Configuration 1 (hide)

cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*

History

30 Jan 2025, 15:15

Type Values Removed Values Added
CWE CWE-79

21 Nov 2024, 07:40

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/461cbcca-aed7-4c92-ba35-ebabf4fcd810 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/461cbcca-aed7-4c92-ba35-ebabf4fcd810 - Exploit, Third Party Advisory

08 May 2023, 18:10

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CPE cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*
References (MISC) https://wpscan.com/vulnerability/461cbcca-aed7-4c92-ba35-ebabf4fcd810 - (MISC) https://wpscan.com/vulnerability/461cbcca-aed7-4c92-ba35-ebabf4fcd810 - Exploit, Third Party Advisory

02 May 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-02 08:15

Updated : 2025-01-30 15:15


NVD link : CVE-2023-1861

Mitre link : CVE-2023-1861

CVE.ORG link : CVE-2023-1861


JSON object : View

Products Affected

limit_login_attempts_project

  • limit_login_attempts
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')