Cross-Site Scripting Vulnerability in NotFound Limit Max IPs Per User
CVE-2025-31455

7.1HIGH

Key Information:

Vendor: Notfound
Status: Limit Max Ips Per User
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-31455?

The NotFound Limit Max IPs Per User plugin for WordPress contains a vulnerability that allows attackers to execute arbitrary JavaScript in the context of the user's browser, potentially leading to data theft or session hijacking. This DOM-based XSS vulnerability affects all versions up to and including 1.5, emphasizing the need for users to update and implement security measures to safeguard against exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Limit Max IPs Per User <= 1.5

References

https://patchstack.com/database/wordpress/plugin/limit-ma...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 1, 2025

JSON

Notfound