Unauthenticated SQL Injection (SQLi) vulnerability discovered by cydave in WordPress Limit Login Attempts (Spam Protection) plugin (versions <= 4.9.1).
Update the WordPress Limit Login Attempts (Spam Protection) plugin to the latest available version (at least 5.1).