WordPress Plugin Vulnerabilities

Login With Ajax < 4.2 - Missing Authorization

Description

The Login With Ajax plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
login-with-ajax
Fixed in 4.2

References

CVE
CVE-2023-49859
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/f11926c8-2b31-4ad5-9fd0-225071a91b2a

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
b67a984e-329c-4165-a438-95e34ceca8f0

Timeline

Publicly Published
2023-12-07 (about 2 years ago)
Added
2023-12-10 (about 2 years ago)
Last Updated
2024-02-23 (about 2 years ago)

Other

Published
Title
Published
2025-09-16
Title
Wide Banner <= 1.0.4 - Missing Authorization
Published
2024-03-19
Title
Coming Soon, Under Construction & Maintenance Mode By Dazzler < 2.1.3 - Maintenance Mode Bypass
Published
2024-02-22
Title
Relevanssi < 4.22.1 - Unauthenticated Query Log Export
Published
2025-10-10
Title
MSTW CSV EXPORTER <= 1.4 - Missing Authorization
Published
2024-11-08
Title
Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation