Vulnerability in N/a
CVE-2020-27615
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
EPSS: 0.863 (99.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- wpscan.com/vulnerability/10441 (x_refsource_MISC)
- wpdeeply.com/loginizer-before-1-6-4-sqli-injection/ (x_refsource_MISC)
- plugins.trac.wordpress.org/changeset/2401010/loginizer (x_refsource_MISC)
- www.zdnet.com/article/wordpress-deploys-forced-security-update-for-dangerous-bu… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-27615?
- CVE-2020-27615 is a vulnerability in N/a. Published 2020-10-21.
- Is CVE-2020-27615 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.