CVE-2023-1912: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2023-1912) affects the WordPress plugin Limit Login Attempts versions prior to 1.7.2. The vulnerability was discovered by Marco Wotschka and publicly disclosed on April 6, 2023. This security issue affects websites using the plugin with the 'Site Connection' setting configured to 'From behind a reversy proxy' (WPScan, Wordfence).

The vulnerability stems from insufficient input sanitization and output escaping in the plugin's handling of IP addresses from headers such as X-Forwarded-For. When the 'Site Connection' setting is set to 'From behind a reversy proxy', the plugin fails to properly validate or sanitize the IP address before storing it in the logs, leading to a potential Stored Cross-Site Scripting (XSS) vulnerability. The issue has been assigned a CVSS score of 7.5 (High) (WPScan).

When successfully exploited, this vulnerability allows unauthenticated attackers to perform Stored Cross-Site Scripting attacks. The attacker can inject malicious JavaScript code that would be executed when administrators view the login attempts log page (WPScan).

The vulnerability has been patched in version 1.7.2 of the Limit Login Attempts plugin. Website administrators are strongly advised to update to this version immediately. If immediate updating is not possible, administrators should ensure their 'Site Connection' setting is not set to 'From behind a reversy proxy' unless absolutely necessary (WPScan).