WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Loginizer safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Loginizer WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: loginizer
  • Requires PHP: 5.5+
  • Max supported PHP (analyzed): <8.0

Known vulnerabilities

  • Loginizer [loginizer] < 1.6.4 [CVE-2020-27615, Loginizer <= 1.6.3 - SQL Injection, Loginizer &lt; 1.6.4 - Unauthenticated SQL Injection]
  • Loginizer [loginizer] >= 1.3.8 - <= 1.3.9 [CVE-2018-11366, WordPress Loginizer plugin 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability, Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting, Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS)]
  • Loginizer [loginizer] < 1.3.6 [CVE-2017-12650, WordPress Loginizer plugin <=1.3.5 - Blind SQL Injection vulnerability, Loginizer <= 1.3.5 - Blind SQL Injection, Loginizer &lt;= 1.3.5 - Blind SQL Injection]
  • Loginizer [loginizer] < 1.3.6 [CVE-2017-12651, WordPress Loginizer plugin <=1.3.5 - Cross-Site Request Forgery (CSRF) vulnerability, Loginizer <= 1.3.5 - Cross-Site Request Forgery, Loginizer &lt;= 1.3.5 - Cross-Site Request Forgery (CSRF)]
  • Loginizer [loginizer] < 1.6.4 [WordPress Loginizer plugin <= 1.6.3 - Unauthenticated SQL Injection (SQLi) vulnerability]
+ 6 more known vulnerabilities
  • Loginizer [loginizer] < 1.7.6 [WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)]
  • Loginizer [loginizer] < 1.7.6 [WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)]
  • Loginizer [loginizer] < 1.7.6 [CVE-2022-45084, Loginizer <= 1.7.5 - Reflected Cross-Site Scripting via 'name', Loginizer &lt; 1.7.6 - Reflected XSS]
  • Loginizer [loginizer] < 1.7.9 [CVE-2023-2296, WordPress Loginizer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS), Loginizer <= 1.7.8 - Reflected Cross-Site Scripting via 'limit_session[count]', Loginizer 1.7.8 - Reflected XSS]
  • Loginizer [loginizer] < 1.7.6 [CVE-2022-45079, Loginizer <= 1.7.5 - Cross-Site Request Forgery, Loginizer &lt;= 1.7.5 - Cross-Site Request Forgery]
  • Loginizer [loginizer] < 1.9.3 [CVE-2024-10097, WordPress Loginizer Plugin <= 1.9.2 is vulnerable to Broken Authentication, WordPress Loginizer Security Plugin <= 1.9.2 is vulnerable to Broken Authentication, Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.