WordPress Limit Login Attempts Reloaded plugin <= 2.17.3 - Login Rate Limiting Bypass vulnerability

Back

Product: Limit Login Attempts Reloaded
Description: Login Rate Limiting Bypass vulnerability found by n4nj0 in WordPress Limit Login Attempts Reloaded plugin (versions <= 2.17.3).
Solution: Update the WordPress Limit Login Attempts Reloaded plugin to the latest available version (at least 2.17.4).
Classification: Type BYPASS
OWASP Top 10 A5: Security Misconfiguration
References: Vulnerability details
Plugin changelog
CVE: Name CVE- 2020-35590
Versions: Affected In <= 2.17.3
Fixed In 2.17.4
Disclosure date: 2020-12-21
Credits: n4nj0

ThreatPress