ThreatPress

WordPress Vulnerability Database

Back

WordPress Limit Login Attempts Reloaded plugin <= 2.15.2 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Product
Limit Login Attempts Reloaded
Description
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found by n4nj0 in WordPress Limit Login Attempts Reloaded plugin (versions <= 2.15.2).
Solution
Update the WordPress Limit Login Attempts Reloaded plugin to the latest available version (at least 2.16.0).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Vulnerability details
Plugin changelog
CVE
Name CVE- 2020-35589
Versions
Affected In <= 2.15.2
Fixed In 2.16.0
Disclosure date
2020-12-21
Credits
n4nj0