Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)



Description
Due to insufficient security checks, an attacker can use CSRF to remove blacklisted and whitelisted IPs from the plugin.

Affects Plugin

fixed in version 1.3.6

References

CVE 2017-12651
URL https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Submitter Jonas Lejon
Submitter Website https://wpscans.com
Submitter Twitter wpscans
Verified No
WPVDB ID 8884

Timeline

Publicly Published 2017-08-08 (almost 3 years ago)
Added 2017-08-08 (almost 3 years ago)
Last Updated 2019-11-01 (9 months ago)
