ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ajax BootModal Login plugin <= 1.4.3 - CAPTCHA reuse vulnerability

Product
Ajax BootModal Login
Description
CAPTCHA reuse (required only once per user session) vulnerability found by Lydéric Lefebvre and Fabien Haureils in WordPress Ajax BootModal Login plugin (versions <= 1.4.3).
Solution
2018.09.01 - we were unable to find a patched version of this plugin.
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin changelog
CVE
Name CVE-2018-15876
Versions
Affected In <= 1.4.3
Disclosure date
2018-09-01
Credits
aas-n
Submitter
ThreatPress