PT-2023-32155 · WordPress · Limit-Login-Attempts-Reloaded
Alex Sanford
·
Published
2023-11-27
·
Updated
2024-10-01
·
CVE-2023-5525
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Limit Login Attempts Reloaded WordPress plugin versions prior to 2.25.26
Description
The issue is related to missing authorization on the
toggle auto update AJAX action. This allows any user with a valid nonce to toggle the auto-update status of the plugin.Recommendations
For versions prior to 2.25.26, update to version 2.25.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the
toggle auto update AJAX action to prevent unauthorized changes to the plugin's auto-update status.Exploit
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Limit-Login-Attempts-Reloaded