93 matches found
WordPress Loginizer SQL Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A security vulnerability in WordPress Loginizer's handling of the X-Forwarded-For HTTP packet header allows remote attackers ...
WordPress Loginizer plugin <=1.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability found by Jonas Lejon WPScans in WordPress Loginizer plugin version 1.3.5 and earlier versions. The vulnerability exists in the init.php file of the "Blacklist and Whitelist IP Wizard." Solution Update the WordPress Loginizer plugin to the latest...
WordPress Loginizer plugin <=1.3.5 - Blind SQL Injection vulnerability
Blind SQL Injection vulnerability found by Jonas Lejon WPScans in WordPress Loginizer plugin version 1.3.5 and earlier versions. Vulnerable due to http-header forwarding without any sanitization to lzselectquery and then $wpdb-getresults. Solution Update the WordPress Loginizer plugin to the late...
WordPress Loginizer Plugin <= 1.3.5 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.140287";...
Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)
Due to insufficient security checks an attacker can remove blacklisted and whitelisted IP:s from the plugin using CSRF...
CVE-2017-12651
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
CVE-2017-12650
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...
CVE-2017-12650
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked...
Sql injection
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...
CVE-2017-12651
CVE-2017-12651 affects the WordPress Loginizer plugin (versions prior to 1.3.6). The vulnerability is a Cross-Site Request Forgery (CSRF) in the Blacklist and Whitelist IP Wizard (init.php) due to the HTTP Referer header not being checked. This can allow an attacker to manipulate IP blacklist/whi...
CVE-2017-12650
CVE-2017-12650 affects the WordPress Loginizer plugin prior to version 1.3.6. The root cause is improper sanitization of the X-Forwarded-For HTTP header, which is forwarded to the lz_selectquery() function and can be exploited to perform a blind SQL injection via the login workflow. Impact stated...
CVE-2017-12650
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header...