WordPress Plugin Vulnerabilities

Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)

Description

Due to insufficient security checks an attacker can remove blacklisted and whitelisted IP:s from the plugin using CSRF.

Affects Plugins

Plugin icon
loginizer
Fixed in 1.3.6

References

CVE
CVE-2017-12651
URL
https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Submitter
Jonas Lejon
Submitter website
https://wpscans.com
Submitter twitter
wpscans
Verified
No
WPVDB ID
743a3ad1-33f9-4fb0-b3c9-1e112da6862c

Timeline

Publicly Published
2017-08-08 (about 8 years ago)
Added
2017-08-08 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-09-04
Title
WP-dTree <= 4.4.5 - Settings Update via CSRF
Published
2022-09-26
Title
Oceanwp Sticky Header <= 1.0.8 - CSRF
Published
2025-04-01
Title
Product Notices for WooCommerce <= 1.3.3 - Cross-Site Request Forgery
Published
2025-07-03
Title
yContributors <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-09-05
Title
Login Block IPs <= 1.0.0 - Arbitrary Setting Update via CSRF