Blind SQL Injection vulnerability found by Jonas Lejon (WPScans) in WordPress Loginizer plugin version 1.3.5 and earlier versions. Vulnerable due to http-header forwarding without any sanitization to lz_selectquery() and then $wpdb->get_results().
Update the WordPress Loginizer plugin to the latest available version (at least 1.3.6).