Vulnerability Description
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zanematthew | Zm Ajax Login \& Register | <= 1.0.9 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132172/WordPress-zM-Ajax-Login-Register-1.0Exploit
- http://www.securityfocus.com/archive/1/535682/100/0/threaded
- http://www.securityfocus.com/bid/75041
- https://security.gentoo.org/glsa/201512-10
- https://wordpress.org/plugins/zm-ajax-login-register/changelog/Vendor Advisory
- https://www.exploit-db.com/exploits/37200/Exploit
- http://packetstormsecurity.com/files/132172/WordPress-zM-Ajax-Login-Register-1.0Exploit
- http://www.securityfocus.com/archive/1/535682/100/0/threaded
- http://www.securityfocus.com/bid/75041
- https://security.gentoo.org/glsa/201512-10
- https://wordpress.org/plugins/zm-ajax-login-register/changelog/Vendor Advisory
- https://www.exploit-db.com/exploits/37200/Exploit
FAQ
What is CVE-2015-4153?
CVE-2015-4153 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the templa...
How severe is CVE-2015-4153?
CVE-2015-4153 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4153?
Check the references section above for vendor advisories and patch information. Affected products include: Zanematthew Zm Ajax Login \& Register.