Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php.
2012-05-22T16:55:01.570
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | netweblogic | login_with_ajax | ≤ 3.0.4 | Yes |
| Application | netweblogic | login_with_ajax | 2.1 | Yes |
| Application | netweblogic | login_with_ajax | 2.1.1 | Yes |
| Application | netweblogic | login_with_ajax | 2.1.2 | Yes |
| Application | netweblogic | login_with_ajax | 2.1.3 | Yes |
| Application | netweblogic | login_with_ajax | 2.1.4 | Yes |
| Application | netweblogic | login_with_ajax | 2.1.5 | Yes |
| Application | netweblogic | login_with_ajax | 2.2 | Yes |
| Application | netweblogic | login_with_ajax | 2.21 | Yes |
| Application | netweblogic | login_with_ajax | 3.0 | Yes |
| Application | netweblogic | login_with_ajax | 3.0.1 | Yes |
| Application | netweblogic | login_with_ajax | 3.0.2 | Yes |
| Application | netweblogic | login_with_ajax | 3.0.3 | Yes |
| Application | netweblogic | login_with_ajax | 3.0b | Yes |
| Application | wordpress | wordpress | * | No |