CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-4153

Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.273

EPSS Ranking 96.1%

CVSS Severity

CVSS v2 Score 5.0

References

http://packetstormsecurity.com/files/132172/WordPress-zM-Ajax-Login-Register-1.0.9-Local-File-Inclusion.html
http://www.securityfocus.com/archive/1/535682/100/0/threaded
http://www.securityfocus.com/bid/75041
https://security.gentoo.org/glsa/201512-10
https://wordpress.org/plugins/zm-ajax-login-register/changelog/
https://www.exploit-db.com/exploits/37200/
http://packetstormsecurity.com/files/132172/WordPress-zM-Ajax-Login-Register-1.0.9-Local-File-Inclusion.html
http://www.securityfocus.com/archive/1/535682/100/0/threaded
http://www.securityfocus.com/bid/75041
https://security.gentoo.org/glsa/201512-10
https://wordpress.org/plugins/zm-ajax-login-register/changelog/
https://www.exploit-db.com/exploits/37200/

Products affected by CVE-2015-4153

Zanematthew » Zm Ajax Login & Register » Version: 1.0.9

cpe:2.3:a:zanematthew:zm_ajax_login_&_register:1.0.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4153

Products

Pricing

Contact Us