Beta

Report

Loginizer <= 1.6.3 is vulnerable to Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated
Published
2020-10-20

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

CVE

https://www.cve.org/CVERecord?id=CVE-2020-27615

CVSS

Score:9.8

Severity:Critical

Version: 1.6.3

There is a patch available in v1.6.4 and we strongly recommend you update to this version as soon as possible.