5.3
CVE-2018-15876
- EPSS 0.95%
- Veröffentlicht 26.08.2018 07:29:00
- Zuletzt bearbeitet 21.11.2024 03:51:37
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAjax BootModal Login <= 1.4.3 - CAPTCHA Reuse
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.
Mögliche Gegenmaßnahme
Ajax BootModal Login: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ajax Bootmodal Login Project ≫ Ajax Bootmodal Login Version1.4.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ajax BootModal Login
Version
*-1.4.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.566 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://github.com/aas-n/CVE/tree/master/ajax-bootmodal-login
https://www.wordfence.com/threat-intel/vulnerabilities/id/bcac3b4e-b80f-4201-9e56-8990013c4ab9