WordPress Loginizer < 1.6.4 – Unauthenticated SQL Injection via `log` Parameter

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip. id: CVE-2020-27615 info: name: WordPress Loginizer 1.6.4 – Unauthenticated SQL Injection via log Parameter author: intelligent-ears severity: critical descriptio...

EUVD-2017-4189

Malware in sbrugna...

EUVD-2018-3402

Malware in sbrugna...

EUVD-2017-4190

Malware in sbrugna...

EUVD-2022-48000

Malicious code in bioql PyPI...

EUVD-2024-32902

Malicious code in bioql PyPI...

EUVD-2023-33802

Malicious code in bioql PyPI...

EUVD-2022-48005

Malicious code in bioql PyPI...

CVE-2023-2296

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2022-45079

Cross-Site Request Forgery CSRF vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

CVE-2020-27615

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...

CVE-2018-11366

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting XSS because logging is mishandled. This is fixed in 1.4.0...

CVE-2022-45084

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

CVE-2024-10097

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...

CVE-2024-10097

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...

CVE-2024-10097 Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...

CVE-2024-10097 Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...

CVE-2024-10097

CVE-2024-10097 (Loginizer WordPress plugins) is confirmed to allow authentication bypass via social login token verification flaws in Loginizer Security and Loginizer, affecting all versions up to and including 1.9.2. The root cause is insufficient verification of the user returned by the social ...

WordPress plugin Loginizer Security and Loginizer 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. An authorization issue...

WordPress Loginizer Security plugin <= 1.9.2 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin Loginizer Security versions = 1.9.2...