CVE-2024-1340: CWE-862 Missing Authorization in webfactory Login Lockdown & Protection
The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist.
AI Analysis
Technical Summary
CVE-2024-1340 is a missing authorization vulnerability (CWE-862) in the Login Lockdown – Protect Login Form WordPress plugin by webfactory. The issue lies in the generate_export_file function, which lacks proper capability checks, allowing authenticated users with subscriber-level access or higher to export sensitive plugin configuration data. This data includes whitelisted IP addresses and a global unlock key. An attacker leveraging the global unlock key can add their IP to the whitelist, potentially circumventing login lockdown protections. The vulnerability affects all versions up to and including 2.08. The CVSS 3.1 base score is 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N), reflecting network attack vector, low attack complexity, and limited privileges required.
Potential Impact
An authenticated attacker with subscriber or higher privileges can access sensitive plugin configuration data, including whitelisted IP addresses and a global unlock key. This exposure allows the attacker to add their IP address to the whitelist, potentially bypassing login restrictions enforced by the plugin. The impact includes limited confidentiality and integrity loss but no availability impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict subscriber-level access and higher to trusted users only. Monitor plugin updates from webfactory for a security patch addressing this missing authorization vulnerability.
CVE-2024-1340: CWE-862 Missing Authorization in webfactory Login Lockdown & Protection
Description
The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-1340 is a missing authorization vulnerability (CWE-862) in the Login Lockdown – Protect Login Form WordPress plugin by webfactory. The issue lies in the generate_export_file function, which lacks proper capability checks, allowing authenticated users with subscriber-level access or higher to export sensitive plugin configuration data. This data includes whitelisted IP addresses and a global unlock key. An attacker leveraging the global unlock key can add their IP to the whitelist, potentially circumventing login lockdown protections. The vulnerability affects all versions up to and including 2.08. The CVSS 3.1 base score is 5.4 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N), reflecting network attack vector, low attack complexity, and limited privileges required.
Potential Impact
An authenticated attacker with subscriber or higher privileges can access sensitive plugin configuration data, including whitelisted IP addresses and a global unlock key. This exposure allows the attacker to add their IP address to the whitelist, potentially bypassing login restrictions enforced by the plugin. The impact includes limited confidentiality and integrity loss but no availability impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict subscriber-level access and higher to trusted users only. Monitor plugin updates from webfactory for a security patch addressing this missing authorization vulnerability.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-02-07T21:35:00.199Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6d2bb7ef31ef0b56e8f2
Added to database: 2/25/2026, 9:44:11 PM
Last enriched: 4/9/2026, 1:35:07 PM
Last updated: 4/12/2026, 2:59:23 AM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.