[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1Zy84p_1SyMw1sRPqTKF-kONaTSq1cHz_tfInoLtiWw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-5e0ce0dc-34eb-4577-82a5-8ed822847ff4-wps-limit-login","wps-limit-login-authorization-bypass-via-ip-spoofing","WPS Limit Login \u003C 1.4.6.1 - Authorization Bypass via IP Spoofing","The WPS Limit Login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.6. This is due to flawed implementation of the get_address() method. This makes it possible for unauthenticated attackers  to run automated scripts to brute force passwords by changing the supplied IP Address in the HTTP header of the request. .","wps-limit-login",null,"\u003C1.4.6.1","1.4.6.1","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Restriction of Excessive Authentication Attempts","2019-07-23 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5e0ce0dc-34eb-4577-82a5-8ed822847ff4?source=api-prod",1645]