CVE-2015-4153
PUBLISHED
CVSS 5 MEDIUM
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary PHP files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.
EPSS 45.89% · 97.7th percentile
Risk Scores
- CVSS 2.0: 5
- EPSS Score: 45.89% (97.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| zanematthew | zm_ajax_login_&_register | 0 |
Exploit Intelligence
- GLSA-201512-10 (circl)
- https://wordpress.org/plugins/zm-ajax-login-register/changelog/ (circl)
- 20150604 CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] (circl)
- 75041 (circl)
- http://packetstormsecurity.com/files/132172/WordPress-zM-Ajax-Login-Register-1.0.9-Local-File-Inclusion.html (vulncheck-nvd)
- 37200 (cve.org)
- WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion Vulnerability (0day-today)
Timeline
- Jun 4, 2015 PoC Published
- Jun 10, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- http://www.securityfocus.com/archive/1/535682/100/0/threaded url
- http://www.securityfocus.com/bid/75041 url
- https://www.exploit-db.com/exploits/37200 url
- http://packetstormsecurity.com/files/132172/WordPress-zM-Ajax-Login-Register-1.0.9-Local-File-Inclusion.html url
- GLSA-201512-10 vendor-advisory
- 37200 exploit
- https://wordpress.org/plugins/zm-ajax-login-register/changelog/ url
- https://nvd.nist.gov/vuln/detail/CVE-2015-4153 advisory
- https://wordpress.org/plugins/zm-ajax-login-register/changelog url