38 matches found
CVE-2020-27615
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...
CVE-2020-27615
The CVE-2020-27615 entry concerns the WordPress Loginizer plugin prior to 1.6.4. Affected component: loginizer_log or related backend SQL paths in the plugin. Root cause: unauthenticated SQL injection due to improper input handling (noted as via the log parameter, loginizer_login_failed, and lz_v...
PT-2020-16725
Name of the Vulnerable Software and Affected Versions: Loginizer plugin versions prior to 1.6.4 Description: The Loginizer plugin for WordPress is susceptible to SQL injection, potentially leading to cross-site scripting XSS. The issue is related to the loginizer login failed and lz valid ip...
Loginizer < 1.6.4 - Unauthenticated SQL Injection
The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...
WordPress Loginizer plugin 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability found by Leigh in WordPress Loginizer plugin versions 1.3.8-1.3.9. Solution Update the WordPress Loginizer plugin to the latest available version at least 1.4.0...
WordPress Loginizer Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WordPress Loginizer plugin is one of the access control plugin. A cross-site scripting vulnerability exists in the...
CVE-2018-11366
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting XSS because logging is mishandled. This is fixed in 1.4.0...
Cross site scripting
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting XSS because logging is mishandled. This is fixed in 1.4.0...
CVE-2018-11366
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting XSS because logging is mishandled. This is fixed in 1.4.0...
SQL Injection(CVE-2017-12650) and CSRF(CVE-2017-12651) Security Vulnerability in Loginizer
As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery...
Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)
Due to insufficient security checks an attacker can remove blacklisted and whitelisted IP:s from the plugin using CSRF...
WordPress Loginizer Plugin <= 1.3.5 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.140287";...
CVE-2017-12651
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
CVE-2017-12650
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
CVE-2017-12651
CVE-2017-12651 affects the WordPress Loginizer plugin (versions prior to 1.3.6). The vulnerability is a Cross-Site Request Forgery (CSRF) in the Blacklist and Whitelist IP Wizard (init.php) due to the HTTP Referer header not being checked. This can allow an attacker to manipulate IP blacklist/whi...
CVE-2017-12650
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...
CVE-2017-12650
CVE-2017-12650 affects the WordPress Loginizer plugin prior to version 1.3.6. The root cause is improper sanitization of the X-Forwarded-For HTTP header, which is forwarded to the lz_selectquery() function and can be exploited to perform a blind SQL injection via the login workflow. Impact stated...