cleantalk
Vulnerabilities and Security Researches

IP Based Login, CVE-2024-12800

CVE, Research URL

CVE-2024-12800

Home page URL

Security reports for IP Based Login

Application

IP Based Login

Published on
May 16, 2025
Research Description
The IP Based Login WordPress plugin before 2.4.1 does not sanitise values when importing, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
max 2.4.1.
Status
vulnerable
Previous vulnerability researches
IP Based Login (CVE-2025-58960) , Apr 26, 2026
IP Based Login (CVE-2025-50016) , Jul 02, 2025
IP Based Login (CVE-2024-13118) , Mar 15, 2025
IP Based Login (CVE-2024-12800) , Mar 15, 2025
New vulnerability
MaxiBlocks Free Page Builder & Template Library (CVE-2026-2028) , Apr 26, 2026
WordPress Books Gallery (CVE-2026-5347) , Apr 26, 2026
LMS by Masteriyo – WordPress Learning Management System, eLearning Platform, Online Education System & Online Course (CVE-2026-39524) , Apr 26, 2026
Newsletter – Send awesome emails from WordPress (CVE-2025-3582) , Apr 26, 2026
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Car (CVE-2024-4002) , Apr 26, 2026