CVE-2018-15876

{"id": "CVE-2018-15876", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-08-26T07:29:00.263", "references": [{"url": "https://github.com/aas-n/CVE/tree/master/ajax-bootmodal-login", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation."}, {"lang": "es", "value": "Se ha descubierto un problema en el plugin ajax-bootmodal-login 1.4.3 para WordPress. Los formularios register, login y password-recovery requieren la resoluci\u00f3n de un CAPTCHA para realizar acciones. Sin embargo, esto solo se requiere una vez por sesi\u00f3n de usuario y, por lo tanto, se pueden enviar tantas peticiones como se desee por medio de la automatizaci\u00f3n."}], "lastModified": "2018-10-17T22:08:53.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ajax_bootmodal_login_project:ajax_bootmodal_login:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89C48503-7441-4433-AD66-E0220A80CBD5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}