patchstack | WPScans | PATCHSTACK:21D4E76F9D11BD7AB0FDEB9A3F9E8DBC
Aug 08, 2017 - 12:00 a.m.

WordPress Loginizer plugin <=1.3.5 - Blind SQL Injection vulnerability

2017-08-08 00:00:00
WPScans
patchstack.com

EPSS: 0.002

Percentile: 52.8%

Blind SQL Injection vulnerability found by Jonas Lejon (WPScans) in WordPress Loginizer plugin version 1.3.5 and earlier. The plugin forwards an HTTP header value, without any sanitization, to lz_selectquery() and then to $wpdb->get_results().

Solution

Update the WordPress Loginizer plugin to the latest available version (at least 1.3.6).

