← Back

Wp Limit Login Attempts

wp_limit_login_attempts

Vendor: Ciphercoin • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-4303
1Ciphercoin
1Wp Limit Login Attempts
Jun 17, 2026
Jan 23, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.
CVE-2015-6829
1Ciphercoin
1Wp Limit Login Attempts
May 6, 2026
Sep 16, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via th...Show more
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.Show less