A software update to fix a serious vulnerability in the Limit Login Attempts WordPress security plugin was made available on April 11th, 2023. With over 600,000 installs, the plugin is one of the most widely used WordPress plugins for preventing unauthorised access to administrator dashboards. In an odd twist, this vulnerability lets attackers accomplish the exact opposite: hostile website takeovers that require no authentication.
This plugin is especially well-liked because it addresses a serious issue that plagues the default configuration of WordPress websites: the absence of a cap on the number of failed login attempts. As a result, WordPress websites running a default installation are exposed to password guessing and brute force attacks.