{"vulnerability": "cve-2021-24657", "sightings": [{"uuid": "49dc8144-5144-4216-9e5a-5b2092c7e75c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24657", "type": "seen", "source": "https://t.me/cibsecurity/29093", "content": "\u203c CVE-2021-24657 \u203c\n\nThe Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-20T14:26:58.000000Z"}, {"uuid": "20bd61dc-feb3-40d6-bc9e-aa9f6624153c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-24657", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24657.yaml", "content": "", "creation_timestamp": "2025-12-12T08:35:51.000000Z"}]}