Authentication Bypass in ZM Ajax Login & Register Plugin for WordPress
CVE-2023-2027
9.8 CRITICAL
What is CVE-2023-2027?
The ZM Ajax Login & Register plugin for WordPress, up to version 2.0.2, contains a vulnerability that allows unauthenticated attackers to bypass authentication mechanisms. This occurs due to inadequate verification of user credentials provided during the Facebook login process. Exploiting this flaw, attackers could gain unauthorized access to any existing user account on the site, including those with administrative privileges, provided they know the username.

Affected Version(s)
ZM Ajax Login & Register * <= 2.0.2
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lana Codes