CVE-2023-1912 - OpenCVE

The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Limit Login Attempts Project	Limit Login Attempts

Configuration 1 [-]

cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/171824/WordPress-Limit-Login-Attempts-1.7.1-Cross-Site-Scripting.html
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=551920%40limit-login-attempts%2Ftags%2F1.7.1&new=2893850%40limit-login-attempts%2Ftags%2F1.7.2
https://www.pluginvulnerabilities.com/2018/03/09/one-of-the-ten-most-popular-wordpress-plugins-isnt-needed-and-introduces-a-vulnerability-on-some-websites-using-it/
https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-04-06T14:37:58.264Z

Updated: 2024-08-02T06:05:26.598Z

Reserved: 2023-04-06T14:28:30.212Z

Link: CVE-2023-1912

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-06T15:15:08.837

Modified: 2023-11-07T04:05:21.317

Link: CVE-2023-1912

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1912", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-04-06T14:28:30.212Z", "datePublished": "2023-04-06T14:37:58.264Z", "dateUpdated": "2024-08-02T06:05:26.598Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-04-12T16:22:09.793Z"}, "affected": [{"vendor": "automattic", "product": "Limit Login Attempts", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.7.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=551920%40limit-login-attempts%2Ftags%2F1.7.1&new=2893850%40limit-login-attempts%2Ftags%2F1.7.2"}, {"url": "https://www.pluginvulnerabilities.com/2018/03/09/one-of-the-ten-most-popular-wordpress-plugins-isnt-needed-and-introduces-a-vulnerability-on-some-websites-using-it/"}, {"url": "http://packetstormsecurity.com/files/171824/WordPress-Limit-Login-Attempts-1.7.1-Cross-Site-Scripting.html"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Marco Wotschka"}], "timeline": [{"time": "2023-01-27T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-04-06T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:26.598Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=551920%40limit-login-attempts%2Ftags%2F1.7.1&new=2893850%40limit-login-attempts%2Ftags%2F1.7.2", "tags": ["x_transferred"]}, {"url": "https://www.pluginvulnerabilities.com/2018/03/09/one-of-the-ten-most-popular-wordpress-plugins-isnt-needed-and-introduces-a-vulnerability-on-some-websites-using-it/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/171824/WordPress-Limit-Login-Attempts-1.7.1-Cross-Site-Scripting.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:limit_login_attempts_project:limit_login_attempts:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BE282D7B-D155-4E0B-BBF5-27879D0F1BBA", "versionEndIncluding": "1.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings."}], "id": "CVE-2023-1912", "lastModified": "2023-11-07T04:05:21.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-04-06T15:15:08.837", "references": [{"source": "security@wordfence.com", "url": "http://packetstormsecurity.com/files/171824/WordPress-Limit-Login-Attempts-1.7.1-Cross-Site-Scripting.html"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=551920%40limit-login-attempts%2Ftags%2F1.7.1&new=2893850%40limit-login-attempts%2Ftags%2F1.7.2"}, {"source": "security@wordfence.com", "url": "https://www.pluginvulnerabilities.com/2018/03/09/one-of-the-ten-most-popular-wordpress-plugins-isnt-needed-and-introduces-a-vulnerability-on-some-websites-using-it/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}