CVE-2018-15876

MEDIUM

Ajax Bootmodal Login - Improper Input Validation

Title source: rule

Description

An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.

Exploits (1)

github WRITEUP

by qq431169079 · htmlpoc

https://github.com/qq431169079/CVE/tree/master/CVE-2018-15876

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/aas-n/CVE/tree/master/ajax-bootmodal-login

Scores

CVSS v3 5.3

EPSS 0.0021

EPSS Percentile 43.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-20

Status published

Products (1)

ajax_bootmodal_login_project/ajax_bootmodal_login 1.4.3

Published Aug 26, 2018

Tracked Since Feb 18, 2026