Wp Login Lockdown

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:webfactoryltd:wp_login_lockdown:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorWebfactoryltd (42e366d7-a42e-568c-8deb-d59744fb0f59)
ProductWp Login Lockdown (7b2116e8-66a9-5286-88ef-fbd1cae3362c)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-1340 vulnerable 2026-06-03 14:54:26.727332 Login Lockdown – Protect Login Form <= 2.08 - Missing Authorization
MEDIUM (5.4)
The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist.
Published: 2024-02-20T18:56:25.837Z
Updated: 2026-04-08T16:45:38.586Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-50837 vulnerable 2026-06-03 14:53:31.542407 WordPress Login Lockdown Plugin <= 2.06 is vulnerable to SQL Injection
HIGH (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06.
Published: 2023-12-29T11:43:49.093Z
Updated: 2026-04-28T16:08:59.104Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.