VYPR

Loginizer

by Loginizer

Source repositories

CVEs (5)

  • CVE-2017-12650CriAug 7, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.

  • CVE-2017-12651HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.

  • CVE-2022-45084MedApr 24, 2023
    risk 0.41cvss 6.3epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.

  • CVE-2023-2296MedMay 30, 2023
    risk 0.40cvss 6.1epss 0.00

    The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2022-45079MedMay 22, 2023
    risk 0.31cvss 4.7epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.