Cross-Site Scripting Vulnerability in NotFound Limit Max IPs Per User
CVE-2025-31455
7.1 HIGH
What is CVE-2025-31455?
The NotFound Limit Max IPs Per User plugin for WordPress contains a DOM-based cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary JavaScript in the context of the user's browser, potentially leading to data theft or session hijacking. The vulnerability affects all versions up to and including 1.5; users should update and implement security measures to safeguard against exploitation.
Affected Version(s)
Limit Max IPs Per User <= 1.5
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published