{"uuid": "49dc8144-5144-4216-9e5a-5b2092c7e75c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24657", "type": "seen", "source": "https://t.me/cibsecurity/29093", "content": "\u203c CVE-2021-24657 \u203c\n\nThe Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-20T14:26:58.000000Z"}