|Category:||Web application abuses|
|Title:||WordPress Loginizer Plugin < 1.6.4 - Multiple Vulnerabilities|
|Summary:||The WordPress plugin Loginizer is prone to multiple vulnerabilities.|
The WordPress plugin Loginizer is prone to multiple vulnerabilities.
The following flaws exist:
- A properly crafted username used to login could lead to SQL injection (CVE-2020-27615)
- If the IP HTTP header was modified to have a null byte it could lead to stored XSS
- Successful exploitation of this vulnerability would allow a remote attacker
to execute arbitrary SQL commands on the affected system (CVE-2020-27615)
- Successful exploitation would allow an attacker to inject arbitrary script code into an affected site
WordPress Loginizer plugin before version 1.6.4.
Update to version 1.6.4 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-27615|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.