VYPR

Loginizer

by WordPress

Source repositories

CVEs (7)

  • CVE-2020-27615CriOct 21, 2020
    risk 0.71cvss 9.8epss 0.54

    The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

  • CVE-2017-12650CriAug 7, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.

  • CVE-2017-12651HigAug 7, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.

  • CVE-2022-45084MedApr 24, 2023
    risk 0.41cvss 6.3epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.

  • CVE-2023-2296MedMay 30, 2023
    risk 0.40cvss 6.1epss 0.00

    The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2018-11366MedMay 22, 2018
    risk 0.33cvss 6.1epss 0.02

    init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.

  • CVE-2022-45079MedMay 22, 2023
    risk 0.31cvss 4.7epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.