Security Advisory

CVE-2023-5525

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-27 16:22:06

Last updated 2024-10-01 14:33:32

Assigner WPScan

State PUBLISHED

Description

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.

← Browse all CVEs View on cve.org ↗