Viewing 5 replies - 1 through 5 (of 5 total)
  • Pat K

    (@blackcapdesign)

    Hello nvispute,

    (This is a copy of my reply to your plugin review…)

    Thanks for posting your information BUT I’m pretty darn sure the vulnerability you’re referring to applies to “WP Limit Login Attempts” https://www.ads-software.com/plugins/wp-limit-login-attempts/ NOT this plugin (“Limit Login Attempts”).

    You will notice the wpvulndb.com link at the top https://wpvulndb.com/plugins/wp-limit-login-attempts AND reference to a fix in version 2.0.1 …the most recent version of this plugin is 1.7.1

    Just wanting to clarify the reported vulnerability doesn’t apply to this plugin… so your sites that were hacked may be related to something else entirely.

    Cheers
    PK

    The vulnerability and disclosure you link to is for “WP Limit Login Attempts”, an unfortunately similarly-named but apparently different plugin (located at https://www.ads-software.com/plugins/wp-limit-login-attempts/).

    Are you sure that “Limit Login Attempts” is 1) the plugin your clients were using and 2) also vulnerable?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    Advisor and Activist

    Limit Login Attempts does not share that vulnerability.

    Thanks for the confirmation that Limit Login Attempts does not share that vulnerability, Ipstenu; checking for that is beyond my skillset.

    (Pat K’s reply was not here when I posted yesterday; not sure why it was not, since it’s shown now as being posted earlier than mine.)

    Thread Starter nvispute

    (@nvispute)

    I see the difference… my bad… sorry for the inconvenience, and thanks for the confirmation (corrections).

    Although I am sure that the clients were running Limit Login and not Wp-limit-login… I guess I need to redo my analysis to find the exact cause of the breach.

  • The topic ‘Plugin Vulnerability’ is closed to new replies.