WordPress Plugin Vulnerabilities

Limit Attempts < 1.1.1 - SQL Injection

Description

The Limit Attempts by BestWebSoft WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
limit-attempts
Fixed in 1.1.1

References

CVE
CVE-2015-9335

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
99468977-95b4-4af6-bbe5-2385004384b6

Timeline

Publicly Published
2015-10-09 (about 10 years ago)
Added
2019-08-25 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-05-01
Title
Geo Mashup < 1.13.19 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter
Published
2016-09-11
Title
MailPoet Newsletters <= 2.7.2 - SQL Injection
Published
2025-04-18
Title
JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin < 2.4.0 - Unauthenticated SQL Injection
Published
2024-08-22
Title
TI WooCommerce Wishlist < 2.9.0 - Unauthenticated SQL Injection
Published
2026-01-05
Title
Lobo < 2.8.6 - Authenticated (Subscriber+) SQL Injection