Lucene search
HistoryMay 02, 2023 - 8:15 a.m.
CVE-2023-1861
limit login attempts
wordpress
plugin
username
escape
logs
dashboard
authenticated users
stored cross-site scripting
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
23.5%
The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks
Affected configurations
Node
limit_login_attempts_projectlimit_login_attemptsRange≤1.7.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| limit_login_attempts_project | limit_login_attempts | * | cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:* |
Related
cve
cve
CVE-2023-1861
2023-05-02 08:15:10
cvelist
cvelist
CVE-2023-1861 Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS
2023-05-02 07:04:50
wpexploit
wpexploit
Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS
2023-04-10 00:00:00
wpvulndb
wpvulndb
Limit Login Attempts < 1.7.2 - Subscriber+ Stored XSS
2023-04-10 00:00:00
prion
prion
Cross site scripting
2023-05-02 08:15:00
wordfence
wordfence
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
23.5%
Related for NVD:CVE-2023-1861