CVE-2025-11707: CWE-330 Use of Insufficiently Random Values in webfactory Login Lockdown & Protection
The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys for their IP Address. This makes it possible for unauthenticated attackers to bypass blocks due to invalid login attempts.
AI Analysis
Technical Summary
The Login Lockdown & Protection WordPress plugin suffers from an IP Block Bypass vulnerability caused by insufficient randomness in the generation of unblock keys ($unblock_key). Attackers with knowledge of an administrative user's email can generate valid unblock keys for their IP address, circumventing blocks triggered by invalid login attempts. This vulnerability affects all versions up to 2.14 and is tracked as CVE-2025-11707 with a CVSS 3.1 base score of 5.3.
Potential Impact
An attacker can bypass IP blocking mechanisms designed to prevent brute-force login attempts, potentially allowing repeated unauthorized login attempts without being blocked. The vulnerability does not directly impact confidentiality or availability but can lead to increased risk of unauthorized access attempts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to administrative email addresses and monitor for suspicious login activity. Avoid relying solely on this plugin's IP blocking feature for brute-force protection.
CVE-2025-11707: CWE-330 Use of Insufficiently Random Values in webfactory Login Lockdown & Protection
Description
The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblock_key key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys for their IP Address. This makes it possible for unauthenticated attackers to bypass blocks due to invalid login attempts.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Login Lockdown & Protection WordPress plugin suffers from an IP Block Bypass vulnerability caused by insufficient randomness in the generation of unblock keys ($unblock_key). Attackers with knowledge of an administrative user's email can generate valid unblock keys for their IP address, circumventing blocks triggered by invalid login attempts. This vulnerability affects all versions up to 2.14 and is tracked as CVE-2025-11707 with a CVSS 3.1 base score of 5.3.
Potential Impact
An attacker can bypass IP blocking mechanisms designed to prevent brute-force login attempts, potentially allowing repeated unauthorized login attempts without being blocked. The vulnerability does not directly impact confidentiality or availability but can lead to increased risk of unauthorized access attempts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to administrative email addresses and monitor for suspicious login activity. Avoid relying solely on this plugin's IP blocking feature for brute-force protection.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-10-13T19:44:59.728Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 693cef62d977419e584a4fd0
Added to database: 12/13/2025, 4:45:22 AM
Last enriched: 4/9/2026, 3:55:38 PM
Last updated: 5/8/2026, 11:48:38 PM
Views: 120
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.