Zanematthew Zm Ajax Login Register vulnerabilities
3 known vulnerabilities affecting zanematthew/zm_ajax_login_register.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-2027P2CRITICALCVSS 9.8≤ 2.0.22023-04-15
CVE-2023-2027 [CRITICAL] CWE-288 CVE-2023-2027: The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an a
nvd
CVE-2015-4153P3MEDIUMCVSS 5.0PoC≤ 1.0.92015-06-10
CVE-2015-4153 [MEDIUM] CWE-22 CVE-2015-4153: Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
nvd
CVE-2015-4465P4MEDIUMCVSS 4.3PoC≤ 1.0.92015-06-10
CVE-2015-4465 [MEDIUM] CWE-79 CVE-2015-4465: Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for Wor
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd