CVE-2022-0787

CRITICAL NUCLEI

WordPress Plugin <5.1 - SQL Injection

Title source: llm

Description

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL injections.

Nuclei Templates (1)

Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection
CRITICAL, VERIFIED, by theamanrawat

Scores

CVSS v3 9.8
EPSS 0.4725
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
limit_login_attempts_project/limit_login_attempts < 5.1
Published Mar 28, 2022
Tracked Since Feb 18, 2026