The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
Published: 2020-10-22
In a rare move, the WordPress Security Team forced a plugin update to over one million sites to address a vulnerability in a popular WordPress plugin used for brute force protection.