2 matches found
CVE-2017-12650
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...
CVE-2017-12650
CVE-2017-12650 affects the WordPress Loginizer plugin prior to version 1.3.6. The root cause is improper sanitization of the X-Forwarded-For HTTP header, which is forwarded to the lz_selectquery() function and can be exploited to perform a blind SQL injection via the login workflow. Impact stated...