CVE-2023-5525 - Missing Authorization vulnerability in Limitloginattempts Limit Login Attempts Reloaded

047910
CVSS 4.3 - MEDIUM

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE

Tags: network, low complexity, limitloginattempts, CWE-862

Summary

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.

Common Weakness Enumeration (CWE)