CVE-2023-5525

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 27, 2023

Updated: Nov 30, 2023

CWE ID 862

Summary

CVE-2023-5525 is a vulnerability affecting the Limit Login Attempts Reloaded plugin for WordPress before version 2.25.26. This issue stems from insufficient authorization on the `toggle_auto_update` AJAX action. Consequently, any user with a valid nonce can manipulate the plugin's auto-update setting, potentially leading to unintended updates or security risks. Unpatched installations are susceptible to this issue, making it essential to update the plugin to the latest version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s-DmU1
https://www.cve.org/CVERecord?id=CVE-2023-5525
https://nvd.nist.gov/vuln/detail/CVE-2023-5525

Back to Vulnerability Database

CVE-2023-5525

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations