exploitDog

CVE-2020-27615

Опубликовано: 21 окт. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

Ссылки

https://plugins.trac.wordpress.org/changeset/2401010/loginizer
Patch
Third Party Advisory
https://wpdeeply.com/loginizer-before-1-6-4-sqli-injection/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/10441
Third Party Advisory
https://www.zdnet.com/article/wordpress-deploys-forced-security-update-for-dangerous-bug-in-popular-plugin/
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2401010/loginizer
Patch
Third Party Advisory
https://wpdeeply.com/loginizer-before-1-6-4-sqli-injection/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/10441
Third Party Advisory
https://www.zdnet.com/article/wordpress-deploys-forced-security-update-for-dangerous-bug-in-popular-plugin/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*

Версия до 1.6.4 (исключая)

EPSS

Процентиль: 99%

0.80754

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-vf5c-prqq-g9f7

github

больше 3 лет назад

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

EPSS

Процентиль: 99%

0.80754

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89