Vulnerability Discovered in Loginizer < 1.6.4
https://www.zdnet.comLoginizer WordPress plugin has 1 million+ active installations and can be used to provides security enhancements for the WordPress login page. In versions prior to 1.6.4, there is a SQL injection bug that could have allowed hackers to take over WordPress sites running older versions of the Loginizer plugin.
The bug is one of the worst security issues discovered in WordPress plugins in recent years, and it’s why the WordPress security team appears to have decided to forcibly push the Loginizer 1.6.4 patch to all affected sites.
The issue has been fixed in Version 1.6.4 which is available now from the WordPress Plugin Repo.