Loginizer <= 1.3.5 - Blind SQL Injection



Description
Blind SQL injection via the X-Forwarded-For HTTP header, and possibly others.

Affects Plugin

fixed in version 1.3.6

References

CVE 2017-12650
URL https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Jonas Lejon
Submitter Website https://wpscans.com
Submitter Twitter wpscans
Views 5383
Verified No
WPVDB ID 8883

Timeline

Publicly Published 2017-08-08 (almost 3 years ago)
Added 2017-08-08 (almost 3 years ago)
Last Updated 2019-11-01 (8 months ago)
