Vulnerability Description
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Limitloginattempts | Limit Login Attempts Reloaded | < 2.17.4 |
Related Weaknesses (CWE)
References
- https://n4nj0.github.io/advisories/wordpress-plugin-limit-login-attempts-reloadeExploitThird Party Advisory
- https://wordpress.org/plugins/limit-login-attempts-reloaded/#developersProductThird Party Advisory
- https://n4nj0.github.io/advisories/wordpress-plugin-limit-login-attempts-reloadeExploitThird Party Advisory
- https://wordpress.org/plugins/limit-login-attempts-reloaded/#developersProductThird Party Advisory
FAQ
What is CVE-2020-35589?
CVE-2020-35589 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply ...
How severe is CVE-2020-35589?
CVE-2020-35589 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35589?
Check the references section above for vendor advisories and patch information. Affected products include: Limitloginattempts Limit Login Attempts Reloaded.