ByteOS Network

NVD Vulnerability Details :

CVE-2015-6829

Deferred

Source-cve@mitre.org

Published At-16 Sep, 2015 | 14:59

Updated At-12 Apr, 2025 | 10:46

Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

ciphercoin>>wp_limit_login_attempts>>Versions up to 2.0.0(inclusive)

cpe:2.3:a:ciphercoin:wp_limit_login_attempts:*:*:*:*:*:wordpress:*:*

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.openwall.com/lists/oss-security/2015/09/05/4	cve@mitre.org	Exploit
http://www.openwall.com/lists/oss-security/2015/09/06/3	cve@mitre.org	Exploit
https://plugins.trac.wordpress.org/changeset/1239492/wp-limit-login-attempts	cve@mitre.org	N/A
https://wordpress.org/support/topic/sql-injection-vulnerability-9	cve@mitre.org	Exploit
https://wpvulndb.com/vulnerabilities/8178	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2015/09/05/4	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.openwall.com/lists/oss-security/2015/09/06/3	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://plugins.trac.wordpress.org/changeset/1239492/wp-limit-login-attempts	af854a3a-2127-422b-91ae-364da2661108	N/A
https://wordpress.org/support/topic/sql-injection-vulnerability-9	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://wpvulndb.com/vulnerabilities/8178	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History