CVE-2023-1912

The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
limit_login_attempts_projectlimit_login_attempts
𝑥
≤ 1.7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=551920%40limit-login-attempts%2Ftags%2F1.7.1&new=2893850%40limit-login-attempts%2Ftags%2F1.7.2
https://www.pluginvulnerabilities.com/2018/03/09/one-of-the-ten-most-popular-wordpress-plugins-isnt-needed-and-introduces-a-vulnerability-on-some-websites-using-it/
https://www.wordfence.com/blog/2023/04/update-now-severe-vulnerability-impacting-600000-sites-patched-in-limit-login-attempts/
https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=cve
http://packetstormsecurity.com/files/171824/WordPress-Limit-Login-Attempts-1.7.1-Cross-Site-Scripting.html
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=551920%40limit-login-attempts%2Ftags%2F1.7.1&new=2893850%40limit-login-attempts%2Ftags%2F1.7.2
https://www.pluginvulnerabilities.com/2018/03/09/one-of-the-ten-most-popular-wordpress-plugins-isnt-needed-and-introduces-a-vulnerability-on-some-websites-using-it/
https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=cve