Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin Login With Ajax Security Bypass (3.1.2) - Vulnerability Database

WordPress Plugin Login With Ajax Security Bypass (3.1.2)

Description

WordPress Plugin Login With Ajax is prone to a security bypass vulnerability. Attackers can exploit this vulnerability by registering new users even if registration is disabled in settings. WordPress Plugin Login With Ajax version 3.1.2 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.1.3 or latest

References

https://weizenspr.eu/2014/bug-in-login-with-ajax-plugin-erstellt-nutzeraccounts/
http://secunia.com/advisories/60767/

Related Vulnerabilities

WordPress Plugin Thrive Leads Security Bypass (2.3.9.3) High
Common tags: Missing Update Authentication Bypass
WordPress Plugin Simple Giveaways-Grow your business, email lists and traffic with contests Security Bypass (2.17.3) High
Common tags: Missing Update Authentication Bypass
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5) High
Common tags: Missing Update Authentication Bypass
WordPress Plugin Insert or Embed Articulate Content into WordPress Security Bypass (4.2996) High
Common tags: Missing Update Authentication Bypass
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Security Bypass (1.3.83) High
Common tags: Missing Update Authentication Bypass

Severity

High

Classification

CWE-284
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update
Authentication Bypass