{"id":4537,"date":"2023-02-22T07:12:25","date_gmt":"2023-02-22T07:12:25","guid":{"rendered":"https:\/\/pdfarsivci.com\/?p=4537"},"modified":"2023-04-19T13:47:52","modified_gmt":"2023-04-19T13:47:52","slug":"wordpress-plugin-forced-suppressants-for-the","status":"publish","type":"post","link":"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html","title":{"rendered":"WordPress plugin: forced suppressants for the &#8220;loginizer&#8221; because of dangerous cheeks"},"content":{"rendered":"<div style=\"text-align:center;\"><img decoding=\"async\" loading=\"lazy\" style=\"margin: 5px;\" src=\"https:\/\/pdfarsivci.com\/wp-content\/uploads\/sites\/731\/2023\/04\/wordpress-plugin-forced-suppressants-for-the_1.jpeg\" title=\"\" alt=\"WordPress plugin: forced suppressants for the'loginizer' wegen gefahrlicher lucke'loginizer' wegen gefahrlicher lucke\"  width=\"400\" height=\"225\" \/><\/div>\n<p>Since version 5.5 of the content management system (cms) wordpress is possible to activate automatic updates not only for the cms itself, but also for plugins. Normally this is an optional configuration. In the case of the popular plugins loginizer, however, the wordpress team made an exception to the wordpress team: from safety reasons, she pushed loginizer 1.6.4 as compulsory updates to wp installations in which the plugin is installed. Admins potentially affected sites should nevertheless check whether the update has arrived at them.<\/p>\n<p>Actually, the plugin loginizer, which is active in more than one million wp installations, has the task of protecting them from unauthorized login attempts. Among other things, it should ward off before brute force attacks by monitoring login experiments over certain ip addresses and blocking access when reaching a maximum access number. In the current case, however, a danger <strong>sql-injection bug in loginizer versions before 1.6.4<\/strong> the complete login protection. An attacker had signed up without valid access data and thus can compromise the complete installation.<\/p>\n<p>The bug was assigned the cve number cve-2020-27615.<\/p>\n<h3>Proof-of-concept code available<\/h3>\n<p>According to a short release of the lucke in the wpscan wordpress vulnerability database, the plugin logs login attempts with unknown usernames and stores them in a database in the backend. Due to missing control mechanisms, it was attackers up to the loginizer update to 1.6.4 apparently possible to install sql commands in invented usernames, which were then made to execution.<\/p>\n<p>According to wordpress vulnerability database, a proof-of-concept should actually be published until early november. However, slavco mihajloski, the discoverer of lucke, has published the code already on wednesday &#8211; probably due to the automatically distributed update.<\/p>\n<p>The code that allows the wordpress security team &quot;forced updates&quot; certainly, according to zdnn, should have been around since version 3.7 part of the wordpress codebase; however, so far only very rarely used it has been made.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since version 5.5 of the content management system (cms) wordpress is possible to activate automatic updates not only for the cms itself, but also for plugins. Normally this is an &hellip; <a href=\"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Wordpress plugin: forced suppressants for the &quot;loginizer&quot; because of dangerous cheeks - Pdfarsivci<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Wordpress plugin: forced suppressants for the &quot;loginizer&quot; because of dangerous cheeks - Pdfarsivci\" \/>\n<meta property=\"og:description\" content=\"Since version 5.5 of the content management system (cms) wordpress is possible to activate automatic updates not only for the cms itself, but also for plugins. Normally this is an &hellip; Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html\" \/>\n<meta property=\"og:site_name\" content=\"Pdfarsivci\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-22T07:12:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-19T13:47:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pdfarsivci.com\/wp-content\/uploads\/sites\/731\/2023\/04\/wordpress-plugin-forced-suppressants-for-the_1.jpeg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html\",\"url\":\"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html\",\"name\":\"Wordpress plugin: forced suppressants for the \\\"loginizer\\\" because of dangerous cheeks - Pdfarsivci\",\"isPartOf\":{\"@id\":\"https:\/\/pdfarsivci.com\/#website\"},\"datePublished\":\"2023-02-22T07:12:25+00:00\",\"dateModified\":\"2023-04-19T13:47:52+00:00\",\"author\":{\"@id\":\"https:\/\/pdfarsivci.com\/#\/schema\/person\/9757832f535e6ac17ef2b434ada4c4d5\"},\"breadcrumb\":{\"@id\":\"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/pdfarsivci.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress plugin: forced suppressants for the &#8220;loginizer&#8221; because of dangerous cheeks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/pdfarsivci.com\/#website\",\"url\":\"https:\/\/pdfarsivci.com\/\",\"name\":\"Pdfarsivci\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/pdfarsivci.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/pdfarsivci.com\/#\/schema\/person\/9757832f535e6ac17ef2b434ada4c4d5\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/pdfarsivci.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/pdfarsivci.com\/wp-content\/wphb-cache\/gravatar\/48d\/48d232dc18ef12b4140b5549df65adddx96.jpg\",\"contentUrl\":\"https:\/\/pdfarsivci.com\/wp-content\/wphb-cache\/gravatar\/48d\/48d232dc18ef12b4140b5549df65adddx96.jpg\",\"caption\":\"admin\"},\"url\":\"https:\/\/pdfarsivci.com\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Wordpress plugin: forced suppressants for the \"loginizer\" because of dangerous cheeks - Pdfarsivci","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html","og_locale":"en_US","og_type":"article","og_title":"Wordpress plugin: forced suppressants for the \"loginizer\" because of dangerous cheeks - Pdfarsivci","og_description":"Since version 5.5 of the content management system (cms) wordpress is possible to activate automatic updates not only for the cms itself, but also for plugins. Normally this is an &hellip; Read More","og_url":"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html","og_site_name":"Pdfarsivci","article_published_time":"2023-02-22T07:12:25+00:00","article_modified_time":"2023-04-19T13:47:52+00:00","og_image":[{"url":"https:\/\/pdfarsivci.com\/wp-content\/uploads\/sites\/731\/2023\/04\/wordpress-plugin-forced-suppressants-for-the_1.jpeg"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html","url":"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html","name":"Wordpress plugin: forced suppressants for the \"loginizer\" because of dangerous cheeks - Pdfarsivci","isPartOf":{"@id":"https:\/\/pdfarsivci.com\/#website"},"datePublished":"2023-02-22T07:12:25+00:00","dateModified":"2023-04-19T13:47:52+00:00","author":{"@id":"https:\/\/pdfarsivci.com\/#\/schema\/person\/9757832f535e6ac17ef2b434ada4c4d5"},"breadcrumb":{"@id":"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/pdfarsivci.com\/wordpress-plugin-forced-suppressants-for-the.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/pdfarsivci.com\/"},{"@type":"ListItem","position":2,"name":"WordPress plugin: forced suppressants for the &#8220;loginizer&#8221; because of dangerous cheeks"}]},{"@type":"WebSite","@id":"https:\/\/pdfarsivci.com\/#website","url":"https:\/\/pdfarsivci.com\/","name":"Pdfarsivci","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/pdfarsivci.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/pdfarsivci.com\/#\/schema\/person\/9757832f535e6ac17ef2b434ada4c4d5","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/pdfarsivci.com\/#\/schema\/person\/image\/","url":"https:\/\/pdfarsivci.com\/wp-content\/wphb-cache\/gravatar\/48d\/48d232dc18ef12b4140b5549df65adddx96.jpg","contentUrl":"https:\/\/pdfarsivci.com\/wp-content\/wphb-cache\/gravatar\/48d\/48d232dc18ef12b4140b5549df65adddx96.jpg","caption":"admin"},"url":"https:\/\/pdfarsivci.com\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/posts\/4537"}],"collection":[{"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/comments?post=4537"}],"version-history":[{"count":0,"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/posts\/4537\/revisions"}],"wp:attachment":[{"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/media?parent=4537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/categories?post=4537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pdfarsivci.com\/wp-json\/wp\/v2\/tags?post=4537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}