Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress limit-login-attempts-reloaded 安全漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress limit-login-attempts-reloaded plugin 2.17.4 之前版本存在安全漏洞,该漏洞允许绕过(每个IP地址)速率限制,因为x-forwarding for头可以被伪造。当插件被配置为接受客户端源IP地址的任意报头时,恶意用户不受暴力攻击的限制,因为客户端IP报头接受任意字符串。当随机化头部输入时
CVSS Information
N/A
Vulnerability Type
N/A