CVE-2024-13530
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-13530: This vulnerability affects the "Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in, Sign out" plugin for WordPress. The flaw lies in the missing capability checks on the functions lps_handle_delete_all_logs(), lps_handle_delete_login_log(), and lps_handle_end_session(). An authenticated attacker with Subscriber-level access or higher can exploit this vulnerability to delete login logs and terminate user sessions. This poses a security risk, as the deleted logs may conceal unauthorized login attempts and malicious activities. Upgrading to a patched version of the plugin is recommended to mitigate this issue.