WordPress Brute Force Plugin Loginizer SQLi Vulnerability Causes Forced Plugin Update

Loginizer is the most popular brute-force protection plugin for WordPress. Installed on over 1 million websites, Loginizer blocks IP addresses after a number of failed login attempts.

This week, the WordPress security team used one of its little-known capabilities to force an update to all WordPress systems running the Loginizer plugin.

Forcing an update across all systems running WordPress is not common and generally receives a lot of backlash from the community.

However, this vulnerability was an unauthenticated SQL injection (SQLi), which is a High Severity alert.

All versions of Loginizer < 1.6.4 were affected by this vulnerability.
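
A forced update can still fail on individual hosts, so it is worth confirming which installs are actually at 1.6.4 or later. The script below is an added example, not code from WordPress or Loginizer: it reads the standard plugin header `Version:` line and flags anything below 1.6.4. The plugin path `wp-content/plugins/loginizer/loginizer.php` is an assumption, and the three sample sites are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 6, 4)  # first unaffected release, per the article
# Assumption: the plugin's main file is <site>/wp-content/plugins/loginizer/loginizer.php
PLUGIN_DIR = ("wp-content", "plugins", "loginizer")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", re.M | re.I)


def parse_version(header_text):
    """Return the plugin header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True below 1.6.4. Unknown versions count as affected; 1.6 is padded to 1.6.0."""
    if version is None:
        return True
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED


def audit(search_root):
    """Map each WordPress root found under search_root to (version, affected)."""
    results = {}
    for plugin in Path(search_root).rglob("loginizer.php"):
        if plugin.parts[-4:-1] != PLUGIN_DIR:
            continue
        # WordPress itself only reads the first 8 KB of a file for headers.
        with open(plugin, "r", encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))
        results[str(plugin.parents[3])] = (version, is_affected(version))
    return results


def demo():
    """Build three constructed sites in a temp dir and audit them."""
    headers = {"old": "Version: 1.6.3", "new": "Version: 1.6.4", "odd": "no version line"}
    with tempfile.TemporaryDirectory() as root:
        for name, line in headers.items():
            target = Path(root, name, *PLUGIN_DIR, "loginizer.php")
            target.parent.mkdir(parents=True)
            target.write_text(f"<?php\n/*\n * Plugin Name: Loginizer\n * {line}\n */\n")
        return {Path(site).name: result for site, result in audit(root).items()}


if __name__ == "__main__":
    print(demo())
```

Point `audit()` at the directory that holds your WordPress document roots; a site with an unreadable or missing version line is reported as affected so that it gets a manual look.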
