CVE-2018-11366
NONE EPSS 80.2%
Published May 22, 2018 (8y ago) · Last Modified Jun 17, 2026 (2w ago)
Description
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.
Threat Intelligence
EPSS Exploit Probability
80.2% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 2
References 4
- blog.dewhurstsecurity.com https://blog.dewhurstsecurity.com/2018/05/22/loginizer-wordpress-plugin-xss-vulnerability.html
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/1878502/loginizer
- wordpress.org https://wordpress.org/plugins/loginizer/#developers
- wpvulndb.com https://wpvulndb.com/vulnerabilities/9088
Remediation
- plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/1878502/loginizer