Limit Login Attempts (Spam Protection), 3961132f-ecc1-4f41-83f1-3ac537143b38

CVE, Research URL: 3961132f-ecc1-4f41-83f1-3ac537143b38
Home page URL: Security reports for Limit Login Attempts (Spam Protection)
Application: Limit Login Attempts (Spam Protection)
Published on: -
Research Description: Limit Login Attempts (Spam Protection) [wp-limit-failed-login-attempts] < 3.1 Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF The "cp_plugins_do_button_job_later_callback" AJAX action, from multiple plugins of the WP-Buy vendor, was lacking CSRF check, allowing attackers to make a logged in administrator install and active arbitrary plugins (including specific version) from the WordPress repository which could lead to more critical vulnerabilities like RCE.
Affected versions: max 3.1.
Status: vulnerable