Every CVE whose affected-product data names Limit Login Attempts Project Limit Login Attempts, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2012-10001 — CVSS 9.8 (critical): The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for…
CVE-2022-0787 — CVSS 9.8 (critical): The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in…
CVE-2023-1912 — CVSS 7.2 (high): The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to…
CVE-2021-24657 — CVSS 6.1 (medium): The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers…
CVE-2023-1861 — CVSS 5.4 (medium): The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs…