Vulnerability CVE-2018-15876


Published: 2018-08-26

Description:
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
WordPress Ajax BootModal Login 1.4.3 CAPTCHA Issue
Lyderic Lefebvre
08.09.2018

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Ajax bootmodal login project -> Ajax bootmodal login 

 References:
https://github.com/aas-n/CVE/tree/master/ajax-bootmodal-login

Copyright 2021, cxsecurity.com

 

Back to Top