WordPress Plugin Vulnerabilities

Limit Login Attempts Reloaded < 2.17.4 - Login Rate Limiting Bypass

Description

When the plugin is configured with a custom header in its Trusted IP Origins setting (e.g X-Forwarded-For), attackers could bypass the protection offered by tampering the header sent in requests.

Affects Plugins

limit-login-attempts-reloaded

Fixed in version 2.17.4

References

CVE

CVE-2020-35590

URL

https://n4nj0.github.io/advisories/wordpress-plugin-limit-login-attempts-reloaded/

Classification

Type

BYPASS

Miscellaneous

Original Researcher

n4nj0

Verified

WPVDB ID

66dbc019-ba09-4a3f-a16d-fa04eea99ea8

Timeline

Publicly Published

2020-12-14 (about 2 years ago)

Added

2020-12-21 (about 2 years ago)

Last Updated

2020-12-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin