CVE-2022-1029
MEDIUM NUCLEI
Miniorange Limit Login Attempts < 4.0.72 - XSS
Title source: ruleDescription
The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, allowing users with administrator privileges to store malicious JavaScript code, which leads to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in a multisite setup).
Nuclei Templates (1)
Limit Login Attempts - Stored Cross-Site Scripting
MEDIUM VERIFIED by theamanrawat
Scores
CVSS v3
4.8
EPSS
0.0046
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
miniorange/limit_login_attempts
< 4.0.72
Published
Jun 27, 2022
Tracked Since
Feb 18, 2026