Skip to main content

Loginizer

8 CVEs product

Monthly

CVE-2024-10097 HIGH PATCH This Week

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass WordPress Loginizer
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-2296 MEDIUM POC This Month

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Loginizer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-45079 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Loginizer
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-45084 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loginizer
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-27615 CRITICAL POC PATCH THREAT Act Now

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress SQLi Loginizer
NVD WPScan
CVSS 3.1
9.8
EPSS
53.6%
CVE-2018-11366 MEDIUM POC PATCH This Month

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS PHP Loginizer
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2017-12651 HIGH This Week

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP Loginizer
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-12650 CRITICAL Act Now

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Loginizer
NVD
CVSS 3.0
9.8
EPSS
0.6%
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass WordPress Loginizer
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Loginizer
NVD WPScan
EPSS 0% CVSS 4.7
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Loginizer
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loginizer
NVD
EPSS 54% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress SQLi +1
NVD WPScan
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS PHP +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Loginizer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy