CVE-2018-15876

Name of the Vulnerable Software and Affected Versions ajax-bootmodal-login plugin version 1.4.3

Description The issue concerns the ajax-bootmodal-login plugin for WordPress, where the register, login, and password-recovery forms require solving a CAPTCHA. However, this CAPTCHA is only required once per user session, allowing an attacker to send multiple requests through automation after solving the CAPTCHA a single time.

Recommendations For version 1.4.3, consider implementing a more robust CAPTCHA solution that requires verification for each action, or restrict the number of requests that can be made within a single user session to mitigate the risk of automation.