Loginizer 1.6.4 Security Fix

Hi,

We released Loginizer 1.6.4 on 16th October 2020, which fixes two security issues.

Please check whether you are running 1.6.4. If not, we recommend that you upgrade to 1.6.4 immediately.

We did not disclose the details of the security fixes earlier so that users had time to upgrade the plugin in their WordPress installations.

Because this was a security fix, the WordPress team helped by auto-upgrading the Loginizer plugin to 1.6.4 for a large percentage of users, including users who had not enabled auto upgrade. We also pushed the security upgrade via Softaculous, so WordPress installations done by Softaculous that had Loginizer were upgraded automatically. These two options helped upgrade a large portion of installations.

The following security issues were fixed in Loginizer 1.6.4:

1) [Security Fix]: A properly crafted username used to log in could lead to SQL injection. This has been fixed by using the prepare function in PHP, which prepares the SQL query for safe execution.

2) [Security Fix]: If the IP HTTP header was modified to contain a null byte, it could lead to stored XSS. This has been fixed by properly sanitizing the IP HTTP header before using it.

We would like to thank Slavco from WPdeeply.com and the WordPress.org Plugins team for helping us in this matter.

For any questions related to this version or any difficulty upgrading, feel free to contact us at support@loginizer.com.

Regards,
The Loginizer Team
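
The two fixes listed in the announcement above, sketched as an added example (this is not Loginizer's code): a failed-login record is written with bound parameters, and the client IP header value is validated before storage and escaped again on output. PDO with an in-memory SQLite database stands in for the WordPress database layer, and the table, column and function names are hypothetical.

```php
<?php
// Added illustration, not Loginizer's code. Names are hypothetical.

// Accept a client-supplied address only if it is a valid IPv4/IPv6 literal.
function clean_ip(string $raw): ?string {
    // Check control characters first: trim() would silently strip a null byte.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Store a failed login with bound parameters, so the username is only ever data.
function log_failed_login(PDO $db, string $username, string $rawIp): bool {
    $ip = clean_ip($rawIp) ?? '0.0.0.0'; // placeholder meaning "unknown"
    $stmt = $db->prepare('INSERT INTO failed_logins (username, ip) VALUES (:u, :ip)');
    return $stmt->execute([':u' => $username, ':ip' => $ip]);
}

// Escape at output time too, so a bad stored value cannot become markup.
function render_row(array $row): string {
    return '<tr><td>' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8')
         . '</td><td>' . htmlspecialchars($row['ip'], ENT_QUOTES, 'UTF-8') . '</td></tr>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE failed_logins (username TEXT, ip TEXT)');

// Constructed sample input: quotes in usernames, a null byte plus markup in the header.
$samples = [
    ["o'brien", '203.0.113.7'],
    ["it's--me", "203.0.113.7\0<b>x</b>"],
    ['alice', '2001:db8::1'],
];
foreach ($samples as [$user, $ip]) {
    log_failed_login($db, $user, $ip);
}

// The quoted usernames are stored verbatim; the tampered header is stored as 0.0.0.0.
foreach ($db->query('SELECT username, ip FROM failed_logins', PDO::FETCH_ASSOC) as $row) {
    echo render_row($row), "\n";
}
```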
