CSRF Vulnerability in Loginizer Plugin's Blacklist and Whitelist IP Wizard

CVE-2017-12651 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.