{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T03:43:35.152","vulnerabilities":[{"cve":{"id":"CVE-2024-1340","sourceIdentifier":"security@wordfence.com","published":"2024-02-29T01:43:48.777","lastModified":"2026-06-17T07:04:01.120","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist."},{"lang":"es","value":"El complemento Login Lockdown – Protect Login Form para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función generate_export_file en todas las versiones hasta la 2.08 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor y superior, exporten la configuración de este complemento que incluye direcciones IP incluidas en la lista blanca, así como una clave de desbloqueo global. Con la clave de desbloqueo global, un atacante puede agregar su dirección IP a la lista blanca."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"webfactory","product":"Login Lockdown & Protection","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.08","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-02-29T16:52:59.186465Z","id":"CVE-2024-1340","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webfactoryltd:wp_login_lockdown:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.09","matchCriteriaId":"B1099260-1378-4F10-853D-9101C5D1D3EC"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/login-lockdown/trunk/libs/functions.php#L492","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033542%40login-lockdown%2Ftrunk&old=3027788%40login-lockdown%2Ftrunk&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34021007-b5d3-479b-a0d4-50e301f22c9c?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/browser/login-lockdown/trunk/libs/functions.php#L492","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033542%40login-lockdown%2Ftrunk&old=3027788%40login-lockdown%2Ftrunk&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/34021007-b5d3-479b-a0d4-50e301f22c9c?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}