Vulnerabilities > Loginizer > Loginizer > 1.3.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-30 | CVE-2023-2296 | Unspecified vulnerability in Loginizer The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
2023-05-22 | CVE-2022-45079 | Cross-Site Request Forgery (CSRF) vulnerability in Loginizer Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | 8.8 |
2023-04-24 | CVE-2022-45084 | Cross-site Scripting vulnerability in Loginizer Unauth. | 6.1 |
2020-10-21 | CVE-2020-27615 | SQL Injection vulnerability in Loginizer The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. | 7.5 |