PLUGIN SECURITY
Is Loginizer safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Loginizer WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
loginizer - Requires PHP: 5.5+
- Max supported PHP (analyzed): <8.0
Known vulnerabilities
- Loginizer [loginizer] < 1.6.4 [CVE-2020-27615, Loginizer <= 1.6.3 - SQL Injection, Loginizer < 1.6.4 - Unauthenticated SQL Injection]
- Loginizer [loginizer] >= 1.3.8 - <= 1.3.9 [CVE-2018-11366, WordPress Loginizer plugin 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability, Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting, Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS)]
- Loginizer [loginizer] < 1.3.6 [CVE-2017-12650, WordPress Loginizer plugin <=1.3.5 - Blind SQL Injection vulnerability, Loginizer <= 1.3.5 - Blind SQL Injection, Loginizer <= 1.3.5 - Blind SQL Injection]
- Loginizer [loginizer] < 1.3.6 [CVE-2017-12651, WordPress Loginizer plugin <=1.3.5 - Cross-Site Request Forgery (CSRF) vulnerability, Loginizer <= 1.3.5 - Cross-Site Request Forgery, Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)]
- Loginizer [loginizer] < 1.6.4 [WordPress Loginizer plugin <= 1.6.3 - Unauthenticated SQL Injection (SQLi) vulnerability]
+ 6 more known vulnerabilities
- Loginizer [loginizer] < 1.7.6 [WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS)]
- Loginizer [loginizer] < 1.7.6 [WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)]
- Loginizer [loginizer] < 1.7.6 [CVE-2022-45084, Loginizer <= 1.7.5 - Reflected Cross-Site Scripting via 'name', Loginizer < 1.7.6 - Reflected XSS]
- Loginizer [loginizer] < 1.7.9 [CVE-2023-2296, WordPress Loginizer Plugin <= 1.7.8 is vulnerable to Cross Site Scripting (XSS), Loginizer <= 1.7.8 - Reflected Cross-Site Scripting via 'limit_session[count]', Loginizer 1.7.8 - Reflected XSS]
- Loginizer [loginizer] < 1.7.6 [CVE-2022-45079, Loginizer <= 1.7.5 - Cross-Site Request Forgery, Loginizer <= 1.7.5 - Cross-Site Request Forgery]
- Loginizer [loginizer] < 1.9.3 [CVE-2024-10097, WordPress Loginizer Plugin <= 1.9.2 is vulnerable to Broken Authentication, WordPress Loginizer Security Plugin <= 1.9.2 is vulnerable to Broken Authentication, Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- WPS Hide Login — 2000000+ active installs — max PHP 8.4
- Security Optimizer – The All-In-One Protection Plugin — 1000000+ active installs — max PHP <8.0
- User Role Editor — 700000+ active installs — max PHP 8.4
- Members – Membership & User Role Editor Plugin — 300000+ active installs
- Limit Login Attempts — 300000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.