CVE-2018-15876 — MEDIUM (5.3)

Vulnerability Description

An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Ajax Bootmodal Login Project	Ajax Bootmodal Login	1.4.3

Related Weaknesses (CWE)

CWE-20

References

https://github.com/aas-n/CVE/tree/master/ajax-bootmodal-loginThird Party Advisory
https://github.com/aas-n/CVE/tree/master/ajax-bootmodal-loginThird Party Advisory

FAQ

What is CVE-2018-15876?

CVE-2018-15876 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is...

How severe is CVE-2018-15876?

CVE-2018-15876 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15876?

Check the references section above for vendor advisories and patch information. Affected products include: Ajax Bootmodal Login Project Ajax Bootmodal Login.