Limitloginattempts Limit Login Attempts Reloaded — known CVE vulnerabilities
Every CVE whose affected-product data names Limitloginattempts Limit Login Attempts Reloaded, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2020-35590 — CVSS 9.8 (critical): LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate…
CVE-2023-6934 — CVSS 6.4 (medium): The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all…
CVE-2020-35589 — CVSS 5.4 (medium): The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab=…
CVE-2023-5525 — CVSS 4.3 (medium): The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action…