CVE-2018-11366

NONE EPSS 80.2%
Published May 22, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published May 22, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.

Threat Intelligence

EPSS Exploit Probability
80.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 2

VendorProductVersionRange
loginizerloginizer1.3.8any
loginizerloginizer1.3.9any

References 4

  • blog.dewhurstsecurity.com https://blog.dewhurstsecurity.com/2018/05/22/loginizer-wordpress-plugin-xss-vulnerability.html
    ExploitThird Party Advisory
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/1878502/loginizer
    Patch
  • wordpress.org https://wordpress.org/plugins/loginizer/#developers
    Release Notes
  • wpvulndb.com https://wpvulndb.com/vulnerabilities/9088
    ExploitThird Party Advisory

Remediation