CVE-2017-12651

Published: Aug 7, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.

Affected (1)

Products: Loginizer: Loginizer

Loginizer

1 product

Loginizer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Loginizer Loginizer	Up to 1.3.5

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/

Source: cve@mitre.org

Third Party Advisory

https://sv.wordpress.org/plugins/loginizer/#developers

Source: cve@mitre.org

Third Party Advisory

https://wpvulndb.com/vulnerabilities/8884

Source: cve@mitre.org

Third Party Advisory

https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://sv.wordpress.org/plugins/loginizer/#developers

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wpvulndb.com/vulnerabilities/8884

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.