vulnerability
WordPress Plugin: wp-limit-failed-login-attempts: CVE-2021-24194: Improper Authorization
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Apr 22, 2021 | May 15, 2025 | May 15, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Apr 22, 2021
Added
May 15, 2025
Modified
May 15, 2025
Description
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
Solution
wp-limit-failed-login-attempts-plugin-cve-2021-24194

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.