cleantalk
Vulnerabilities and Security Researches

Limit Login Attempts (Spam Protection), CVE-2021-24188

CVE, Research URL

CVE-2021-24188

Home page URL

Security reports for Limit Login Attempts (Spam Protection)

Application

Limit Login Attempts (Spam Protection)

Published on
May 14, 2021
Research Description
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
Affected versions
Min -, max 2.9.
Status
vulnerable
Previous vulnerability researches
WP Maintenance Mode & Site Under Construction (CVE-2025-49284) , Jun 15, 2025
WP Maintenance Mode & Site Under Construction (CVE-2021-24193) , Jun 07, 2024
WP Maintenance Mode & Site Under Construction (CVE-2021-24190) , Jun 07, 2024
WP Maintenance Mode & Site Under Construction (CVE-2021-24192) , Jun 07, 2024
WP Maintenance Mode & Site Under Construction (CVE-2021-24195) , Jun 07, 2024
New vulnerability
Master Addons for Elementor (CVE-2025-5284) , Jul 20, 2025
Attachment Manager (CVE-2025-7643) , Jul 19, 2025
B1.lt (CVE-2025-6718) , Jul 19, 2025
B1.lt (CVE-2025-6717) , Jul 19, 2025
Widget for Google Reviews (CVE-2025-53565) , Jul 19, 2025