Lucene search
+L

93 matches found

CNVD
CNVD
added 2017/08/08 12:0 a.m.9 views

WordPress Loginizer SQL Injection Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A security vulnerability in WordPress Loginizer's handling of the X-Forwarded-For HTTP packet header allows remote attackers ...

9.8CVSS9.3AI score0.01843EPSS
Exploits1References1
Patchstack
Patchstack
added 2017/08/08 12:0 a.m.20 views

WordPress Loginizer plugin <=1.3.5 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by Jonas Lejon WPScans in WordPress Loginizer plugin version 1.3.5 and earlier versions. The vulnerability exists in the init.php file of the "Blacklist and Whitelist IP Wizard." Solution Update the WordPress Loginizer plugin to the latest...

8.8CVSS2.4AI score0.00714EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2017/08/08 12:0 a.m.21 views

WordPress Loginizer plugin <=1.3.5 - Blind SQL Injection vulnerability

Blind SQL Injection vulnerability found by Jonas Lejon WPScans in WordPress Loginizer plugin version 1.3.5 and earlier versions. Vulnerable due to http-header forwarding without any sanitization to lzselectquery and then $wpdb-getresults. Solution Update the WordPress Loginizer plugin to the late...

9.8CVSS2.9AI score0.01843EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2017/08/08 12:0 a.m.47 views

WordPress Loginizer Plugin <= 1.3.5 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.140287";...

9.8CVSS9.1AI score0.01843EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2017/08/08 12:0 a.m.20 views

Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)

Due to insufficient security checks an attacker can remove blacklisted and whitelisted IP:s from the plugin using CSRF...

6.8CVSS2.9AI score0.00714EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/08/07 5:29 p.m.4 views

CVE-2017-12651

Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...

8.8CVSS5.8AI score0.00714EPSS
Exploits1References3
NVD
NVD
added 2017/08/07 5:29 p.m.23 views

CVE-2017-12650

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...

9.8CVSS10AI score0.01843EPSS
Exploits1References3
OSV
OSV
added 2017/08/07 5:29 p.m.4 views

CVE-2017-12650

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...

9.8CVSS5.8AI score0.01843EPSS
Exploits1References3
Prion
Prion
added 2017/08/07 5:29 p.m.14 views

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...

6.8CVSS8.8AI score0.00714EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2017/08/07 5:29 p.m.16 views

Sql injection

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...

7.5CVSS9.9AI score0.01843EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2017/08/07 5:0 p.m.55 views

CVE-2017-12651

CVE-2017-12651 affects the WordPress Loginizer plugin (versions prior to 1.3.6). The vulnerability is a Cross-Site Request Forgery (CSRF) in the Blacklist and Whitelist IP Wizard (init.php) due to the HTTP Referer header not being checked. This can allow an attacker to manipulate IP blacklist/whi...

8.8CVSS8.8AI score0.00714EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2017/08/07 5:0 p.m.69 views

CVE-2017-12650

CVE-2017-12650 affects the WordPress Loginizer plugin prior to version 1.3.6. The root cause is improper sanitization of the X-Forwarded-For HTTP header, which is forwarded to the lz_selectquery() function and can be exploited to perform a blind SQL injection via the login workflow. Impact stated...

9.8CVSS9.9AI score0.01843EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2017/08/07 5:0 p.m.23 views

CVE-2017-12650

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...

10AI score0.01843EPSS
Exploits1References3
Rows per page
Query Builder