Login Lockdown & Protection

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys for their IP Address. This makes it possible for unauthenticated attackers to bypass blocks due to invalid login attempts.

Basic Information

ID CVE-2025-11707

Source Wordfence

Published Dec 13, 2025 at 04:31

Affected Product

Vendor webfactory

Product Login Lockdown & Protection

Version *

Affected Versions webfactory Login Lockdown & Protection *

CWE Classification

CWE-330

References

{
    "lastseen": "",
    "description": "The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys for their IP Address. This makes it possible for unauthenticated attackers to bypass blocks due to invalid login attempts.",
    "published": "2025-12-13T04:31:30.625Z",
    "modified": "2025-12-13T04:31:30.625Z",
    "type": "cve",
    "title": "Login Lockdown & Protection <= 2.14 - IP Block Bypass",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c732ea2-0263-4b18-9aa4-29e387b26362?source=cve\nhttps://plugins.trac.wordpress.org/browser/login-lockdown/trunk/libs/functions.php\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3389843%40login-lockdown&new=3389843%40login-lockdown&sfp_email=&sfph_mail=",
    "id": "CVE-2025-11707",
    "bulletinFamily": "",
    "cwe": [
        "CWE-330"
    ],
    "cvelist": null,
    "sourceData": "webfactory Login Lockdown & Protection *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Login Lockdown & Protection",
    "version": "*",
    "vendor": "webfactory",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Login Lockdown & Protection <= 2.14 - IP Block Bypass_CVE-2025-11707