Lucene search
+L

93 matches found

Patchstack
Patchstack
added 2024/11/04 8:50 p.m.8 views

WordPress Loginizer plugin <= 1.9.2 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin Loginizer versions = 1.9.2...

8.1CVSS7AI score0.00666EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.19 views

WordPress Loginizer Plugin <= 1.9.2 is vulnerable to Broken Authentication

Software Loginizer Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10097 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 240cee809d7c Credits wesley wcraf...

8.1CVSS8AI score0.00666EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/11/04 12:0 a.m.15 views

WordPress Loginizer Security Plugin <= 1.9.2 is vulnerable to Broken Authentication

Software Loginizer Security Type Plugin Vulnerable versions = 1.9.2 Fixed in 1.9.3 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-10097 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 39d130db7003 Credits...

8.1CVSS8AI score0.00666EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.7 views

PT-2024-16024 · WordPress · Loginizer

Name of the Vulnerable Software and Affected Versions: Loginizer Security and Loginizer plugins for WordPress versions up to, and including, 1.9.2 Description: The issue is due to insufficient verification on the user being returned by the social login token, making it possible for unauthenticate...

8.1CVSS7.4AI score0.00666EPSS
Exploits0References16
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.207 views

WordPress Loginizer Log SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Loginizer log SQLi Scanner', 'Description' = %q Loginizer wordpress plugin contains an unauthenticated timebased SQL injection in...

9.8CVSS7AI score0.53619EPSS
Exploits4
OpenVAS
OpenVAS
added 2023/06/07 12:0 a.m.16 views

WordPress Loginizer Plugin < 1.7.9 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:loginizer:loginizer"; if description...

6.1CVSS6.3AI score0.00493EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2023/06/07 12:0 a.m.14 views

WordPress Loginizer Plugin < 1.7.6 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:loginizer:loginizer"; if description...

8.8CVSS5.8AI score0.00435EPSS
Exploits0References2
OSV
OSV
added 2023/05/30 8:15 a.m.6 views

CVE-2023-2296

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.8AI score0.00493EPSS
Exploits2References1
NVD
NVD
added 2023/05/30 8:15 a.m.32 views

CVE-2023-2296

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.00493EPSS
Exploits2References1
Prion
Prion
added 2023/05/30 8:15 a.m.16 views

Cross site scripting

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8CVSS6AI score0.00493EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/30 7:49 a.m.9 views

CVE-2023-2296 Loginizer 1.7.8 - Reflected XSS

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00493EPSS
Exploits2References1
CVE
CVE
added 2023/05/30 7:49 a.m.86 views

CVE-2023-2296

The CVE-2023-2296 entry concerns the WordPress Loginizer plugin before version 1.7.9. The vulnerability is a reflected XSS caused by not escaping a parameter before outputting it in the page, which could be exploited against high-privilege users such as admins. Affected component: Loginizer plugi...

6.1CVSS6.1AI score0.00493EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/05/30 7:49 a.m.31 views

CVE-2023-2296 Loginizer 1.7.8 - Reflected XSS

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.2AI score0.00493EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.7 views

WordPress plugin Loginizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

6.1CVSS6.3AI score0.00493EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.8 views

PT-2023-18801 · WordPress · Loginizer

Name of the Vulnerable Software and Affected Versions: Loginizer WordPress plugin versions prior to 1.7.9 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly escaped before being outputted back in the page. This could be...

6.1CVSS8.7AI score0.00493EPSS
Exploits2References5
OSV
OSV
added 2023/05/22 10:15 a.m.4 views

CVE-2022-45079

Cross-Site Request Forgery CSRF vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2023/05/22 10:15 a.m.22 views

CVE-2022-45079

Cross-Site Request Forgery CSRF vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References1
Prion
Prion
added 2023/05/22 10:15 a.m.23 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

6.8CVSS8.7AI score0.00271EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/22 9:36 a.m.57 views

CVE-2022-45079

CVE-2022-45079 is a CSRF vulnerability in the WordPress Loginizer/Softaculous Loginizer plugin family, affecting versions up to 1.7.5 and rated high in CVSS (8.8). The issue is documented across multiple feeds (NVD/Red Hat/CVE.org) as a Cross-Site Request Forgery in this plugin. OpenVAS references

8.8CVSS6.5AI score0.00271EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/22 9:36 a.m.27 views

CVE-2022-45079 WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

4.7CVSS9.1AI score0.00271EPSS
Exploits0References1
Rows per page
Query Builder