Lucene search
+L

93 matches found

Vulnrichment
Vulnrichment
added 2023/05/22 9:36 a.m.8 views

CVE-2022-45079 WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

4.7CVSS7.4AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/22 12:0 a.m.4 views

WordPress Plugin Loginizer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS7.9AI score0.00271EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/05/11 12:0 a.m.18 views

WordPress Loginizer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS)

Software Loginizer Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2296 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 867402dd8b92 Credits Erwan LR WPScan Required...

6.1CVSS5.6AI score0.00493EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/05/02 12:0 a.m.137 views

Loginizer 1.7.8 - Reflected XSS

The plugin does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page with the code below...

6.1CVSS8.6AI score0.00493EPSS
Exploits2
NVD
NVD
added 2023/04/24 3:15 p.m.24 views

CVE-2022-45084

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

6.3CVSS6.2AI score0.00435EPSS
Exploits0References1
OSV
OSV
added 2023/04/24 3:15 p.m.4 views

CVE-2022-45084

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

6.1CVSS5.8AI score0.00435EPSS
Exploits0References1
Prion
Prion
added 2023/04/24 3:15 p.m.14 views

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

5.8CVSS6AI score0.00435EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/24 2:12 p.m.60 views

CVE-2022-45084

CVE-2022-45084 affects the WordPress Softaculous/Loginizer plugin versions before 1.7.6 (i.e.,

7.1CVSS6AI score0.00435EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/24 2:12 p.m.9 views

CVE-2022-45084 WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

7.1CVSS6AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/24 2:12 p.m.41 views

CVE-2022-45084 WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Softaculous Loginizer plugin = 1.7.5 versions...

6.3CVSS6.7AI score0.00435EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.4 views

WordPress plugin Loginizer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

7.1CVSS5.9AI score0.00435EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/24 12:0 a.m.7 views

PT-2023-14592 · WordPress · Softaculous Loginizer

Name of the Vulnerable Software and Affected Versions: Softaculous Loginizer plugin versions prior to 1.7.6 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowi...

7.1CVSS6AI score0.00435EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/12/05 12:0 a.m.23 views

Loginizer < 1.7.6 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin...

3.8AI score0.00435EPSS
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/04/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-27615

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...

9.8CVSS7.4AI score0.53619EPSS
Exploits4References1
Metasploit
Metasploit
added 2020/11/05 5:41 p.m.135 views

WordPress Loginizer log SQLi Scanner

Loginizer wordpress plugin contains an unauthenticated timebased SQL injection in versions before 1.6.4. The vulnerable parameter is in the log parameter. Wordpress has forced updates of the plugin to all servers Module Options msf use auxiliary/scanner/http/wploginizerlogsqli msf...

9.8CVSS9.7AI score0.53619EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2020/10/26 12:0 a.m.7 views

Loginizer Plugin for WordPress < 1.6.4 SQL Injection

The WordPress Loginizer Plugin installed on the remote host is affected by a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

8.4AI score
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2020/10/26 12:0 a.m.85 views

WordPress Loginizer Plugin SQL injection (CVE-2020-27615)

An SQL injection vulnerability exists in WordPress Loginizer Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

7.5CVSS3.2AI score0.53619EPSS
Exploits4
CNVD
CNVD
added 2020/10/23 12:0 a.m.61 views

WordPress Loginizer SQL Injection Vulnerability (CNVD-2020-58768)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Loginizer is the open source and free violence login protection plugin used in it. WordPress Loginizer version before 1.6.4 suffers fro...

9.8CVSS7.5AI score0.53619EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2020/10/22 12:0 a.m.157 views

WordPress Loginizer plugin < 1.6.4 blind SQLi (CVE-2020-27615)

The Loginizer Plugin for WordPress running on the remote web server is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue to inject or manipulate SQL queries in the back-end database, resulting ...

9.8CVSS8.7AI score0.53619EPSS
Exploits4References3
NVD
NVD
added 2020/10/21 9:15 p.m.49 views

CVE-2020-27615

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection with resultant XSS, related to loginizerloginfailed and lzvalidip...

9.8CVSS0.53619EPSS
Exploits4References4
Rows per page
Query Builder