Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers.

The flaw, discovered by vulnerability researcher Slavco Mihajloski, opened up opportunities for cybercriminals to completely compromise WordPress sites.

The flaw can be exploited if a user attempts to log into a Loginizer-protected website with a carefully-crafted username. Vulnerable versions of Loginizer did not properly validate and sanitise the username to prevent SQL injection and Cross-Site Scripting (XSS)…


More Info

About mblog.my

Check Also

WordPress Considers Dropping Support for IE 11

High Maintenance for Developers Downsides of Dropping Support WordPress is Seeking Feedback Citation WordPress announced …

Leave a Reply

Your email address will not be published. Required fields are marked *