Title: Plugin Vulnerability
Last modified: August 30, 2016

---

# Plugin Vulnerability

 *  Resolved [nvispute](https://wordpress.org/support/users/nvispute/)
 * (@nvispute)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-1/)
 * Recently my clients website got hacked 3 times in less than a month.. when i 
   did a bit of research i found that this plugin was vulnerable.. Adding the wpvulndb
   link for reference..
 * Please suggest..
 * [https://wpvulndb.com/vulnerabilities/8178](https://wpvulndb.com/vulnerabilities/8178)
 * [https://wordpress.org/plugins/limit-login-attempts/](https://wordpress.org/plugins/limit-login-attempts/)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  [Pat K](https://wordpress.org/support/users/blackcapdesign/)
 * (@blackcapdesign)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-1/#post-6545078)
 * Hello nvispute,
 * (This is a copy of my reply to your plugin review…)
 * Thanks for posting your information BUT I’m pretty darn sure the vulnerability
   you’re referring to applies to “WP Limit Login Attempts” [https://wordpress.org/plugins/wp-limit-login-attempts/](https://wordpress.org/plugins/wp-limit-login-attempts/)
   NOT this plugin (“Limit Login Attempts”).
 * You will notice the wpvulndb.com link at the top [https://wpvulndb.com/plugins/wp-limit-login-attempts](https://wpvulndb.com/plugins/wp-limit-login-attempts)
   AND reference to a fix in version 2.0.1 …the most recent version of this plugin
   is 1.7.1
 * Just wanting to clarify the reported vulnerability doesn’t apply to this plugin….
   so your sites that were hacked may be related to something else entirely.
 * Cheers
    PK
 *  [sardisson](https://wordpress.org/support/users/sardisson/)
 * (@sardisson)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-1/#post-6545081)
 * The vulnerability and disclosure you link to is for “WP Limit Login Attempts”,
   an unfortunately similarly-named but apparently different plugin (located at 
   [https://wordpress.org/plugins/wp-limit-login-attempts/](https://wordpress.org/plugins/wp-limit-login-attempts/)).
 * Are you sure that “Limit Login Attempts” is 1) the plugin your clients were using
   and 2) also vulnerable?
 *  Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/)
 * (@ipstenu)
 * 🏳️‍🌈 Advisor and Activist
 * [10 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-1/#post-6545111)
 * Limit Login Attempts does not share that vulnerability.
 *  [sardisson](https://wordpress.org/support/users/sardisson/)
 * (@sardisson)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-1/#post-6545117)
 * Thanks for the confirmation that Limit Login Attempts does not share that vulnerability,
   Ipstenu; checking for that is beyond my skillset.
 * (Pat K’s reply was not here when I posted yesterday; not sure why it was not,
   since it’s shown now as being posted earlier than mine.)
 *  Thread Starter [nvispute](https://wordpress.org/support/users/nvispute/)
 * (@nvispute)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-1/#post-6545139)
 * i see the difference… my bad.. sorry for the inconvenience and thanks for the
   confirmation(corrections)
 * Although i am sure that the client were running Limit Login and not Wp-limit-
   login.. i guess i need redo my analysis to find the exact cause of breach..

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Plugin Vulnerability’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/limit-login-attempts.svg)
 * [Limit Login Attempts](https://wordpress.org/plugins/limit-login-attempts/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/limit-login-attempts/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/limit-login-attempts/)
 * [Active Topics](https://wordpress.org/support/plugin/limit-login-attempts/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/limit-login-attempts/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/limit-login-attempts/reviews/)

## Tags

 * [hacked](https://wordpress.org/support/topic-tag/hacked/)

 * 5 replies
 * 4 participants
 * Last reply from: [nvispute](https://wordpress.org/support/users/nvispute/)
 * Last activity: [10 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-1/#post-6545139)
 * Status: resolved