2 matches found
CVE-2018-11366
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting XSS because logging is mishandled. This is fixed in 1.4.0...
CVE-2018-11366
CVE-2018-11366 affects the WordPress Loginizer plugin (versions 1.3.8–1.3.9). It is an Unauthenticated Stored Cross-Site Scripting (XSS) caused by mishandled logging in init.php, allowing injection of JavaScript on the Brute Force Settings page. The issue is fixed in version 1.4.0. Patch/update t...