PT-2021-8358 · WordPress · Limit Login Attempts

Published

2021-01-06

Updated

2021-01-08

CVE-2012-10001

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Limit Login Attempts plugin versions prior to 1.7.1

Description The issue allows remote attackers to conduct brute-force authentication attempts more easily because auth cookies are not cleared upon a lockout.

Recommendations For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider manually clearing auth cookies upon a lockout to minimize the risk of exploitation.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2012-10001

Affected Products

Limit Login Attempts

PT-2021-8358 · WordPress · Limit Login Attempts

CVE-2012-10001

Weakness Enumeration

Related Identifiers

Affected Products

References · 4