WordPress Plugin Vulnerabilities

Loginizer <= 1.3.5 - Blind SQL Injection

Description

Blind SQL injection in the http-header: X-Forwarded-For and possible others.

Affects Plugins

Plugin icon
loginizer
Fixed in 1.3.6

References

CVE
CVE-2017-12650
URL
https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
Jonas Lejon
Submitter website
https://wpscans.com
Submitter twitter
wpscans
Verified
No
WPVDB ID
366f95d4-b3a9-4731-aa8b-c2b5c4c797c0

Timeline

Publicly Published
2017-08-08 (about 8 years ago)
Added
2017-08-08 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-07-23
Title
SendPress Newsletters < 1.2 - Authenticated SQL Injection
Published
2022-02-15
Title
Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection
Published
2021-10-18
Title
SEO Redirection < 8.2 - Subscriber+ SQL Injection
Published
2014-10-05
Title
WP eCommerce <= 3.8.7.5 - Unspecified SQL Injection
Published
2024-04-22
Title
WP-Recall – Registration, Profile, Commerce & More < 16.26.6 - Authenticated (Contributor+) SQL Injection