{"api_version":"1","generated_at":"2026-05-13T22:30:44+00:00","cve":"CVE-2017-12651","urls":{"html":"https://cve.report/CVE-2017-12651","api":"https://cve.report/api/cve/CVE-2017-12651.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-12651","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-12651"},"summary":{"title":"CVE-2017-12651","description":"Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.","state":"PUBLISHED","assigner":"mitre","published_at":"2017-08-07 17:29:00","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-352","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"8.8","severity":"HIGH","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://wpvulndb.com/vulnerabilities/8884","name":"https://wpvulndb.com/vulnerabilities/8884","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Loginizer <= 1.3.5 - Cross-Site Request Forgery (CSRF)","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/","name":"https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"SQL Injection and CSRF Security Vulnerability in Loginizer - WP Scans","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sv.wordpress.org/plugins/loginizer/#developers","name":"https://sv.wordpress.org/plugins/loginizer/#developers","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Loginizer — WordPress Plugins","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-12651","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12651","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"12651","vulnerable":"1","versionEndIncluding":"1.3.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"loginizer","cpe5":"loginizer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T18:43:56.450Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://sv.wordpress.org/plugins/loginizer/#developers"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wpvulndb.com/vulnerabilities/8884"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2017-08-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-14T15:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/"},{"tags":["x_refsource_CONFIRM"],"url":"https://sv.wordpress.org/plugins/loginizer/#developers"},{"tags":["x_refsource_MISC"],"url":"https://wpvulndb.com/vulnerabilities/8884"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-12651","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/","refsource":"MISC","url":"https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/"},{"name":"https://sv.wordpress.org/plugins/loginizer/#developers","refsource":"CONFIRM","url":"https://sv.wordpress.org/plugins/loginizer/#developers"},{"name":"https://wpvulndb.com/vulnerabilities/8884","refsource":"MISC","url":"https://wpvulndb.com/vulnerabilities/8884"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2017-12651","datePublished":"2017-08-07T17:00:00.000Z","dateReserved":"2017-08-07T00:00:00.000Z","dateUpdated":"2024-08-05T18:43:56.450Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-08-07 17:29:00","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-352","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.3.5","matchCriteriaId":"109D57F0-3B25-4130-9BF4-531FC2671F34"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"12651","Ordinal":"1","Title":"CVE-2017-12651","CVE":"CVE-2017-12651","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"12651","Ordinal":"1","NoteData":"Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.","Type":"Description","Title":"CVE-2017-12651"},{"CveYear":"2017","CveId":"12651","Ordinal":"2","NoteData":"2017-08-07","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"12651","Ordinal":"3","NoteData":"2017-08-14","Type":"Other","Title":"Modified"}]}}}