CVE-2017-12651

HIGH

Loginizer < 1.3.5 - Cross-Site Request Forgery in IP Wizard

Title source: llm
STIX 2.1

Description

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_confirm
https://sv.wordpress.org/plugins/loginizer/#developers
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8884

Scores

CVSS v3 8.8
EPSS 0.0071
EPSS Percentile 49.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
loginizer/loginizer < 1.3.5
Published Aug 07, 2017
Tracked Since Feb 18, 2026