Medium severity6.1NVD Advisory· Published May 22, 2018· Updated Jun 17, 2026
CVE-2018-11366
CVE-2018-11366
Description
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=1.3.8,<=1.3.9+ 1 more
- (no CPE)range: >=1.3.8,<=1.3.9
- (no CPE)range: >=1.3.8, <=1.3.9
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/changeset/1878502/loginizernvdPatch
- blog.dewhurstsecurity.com/2018/05/22/loginizer-wordpress-plugin-xss-vulnerability.htmlnvdExploitThird Party Advisory
- wpvulndb.com/vulnerabilities/9088nvdExploitThird Party Advisory
- wordpress.org/plugins/loginizer/nvdRelease Notes
News mentions
0No linked articles in our index yet.