Vigil@nce - WordPress Login With Ajax: privilege escalation
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can register on WordPress Login With Ajax, in order to
escalate his privileges.
Impacted products: WordPress Plugins
Severity: 2/4
Creation date: 09/09/2014
DESCRIPTION OF THE VULNERABILITY
The Login With Ajax plugin can be installed on WordPress.
However, an attacker can register even if registration is disabled.
An attacker can therefore register on WordPress Login With Ajax,
in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-Login-With-Ajax-privilege-escalation-15295