WordPress Plugin Vulnerabilities

LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request.

Affects Plugins

Plugin icon
login-attempts-limit-wp
No known fix

References

CVE
CVE-2022-47138
URL
https://patchstack.com/database/vulnerability/login-attempts-limit-wp/wordpress-login-and-registration-attempts-limit-plugin-2-1-cross-site-request-forgery-csrf

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
rezaduty
Verified
No
WPVDB ID
7e5a0bec-5a7b-471d-9718-6af3ffd8f694

Timeline

Publicly Published
2023-03-14 (about 3 years ago)
Added
2023-05-29 (about 2 years ago)
Last Updated
2023-05-29 (about 2 years ago)

Other

Published
Title
Published
2023-04-13
Title
Ultimate Noindex Nofollow Tool II < 1.3.4 - Settings Update via CSRF
Published
2024-12-11
Title
WP Mailster < 1.8.18.0 - Cross-Site Request Forgery
Published
2022-05-12
Title
WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF
Published
2014-08-01
Title
drawblog - CSRF
Published
2024-07-17
Title
Cooked – Recipe Management < 1.8.0 - Cross-Site Request Forgery to Settings Update