5.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.5%
Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
plugins.trac.wordpress.org/changeset/541069
secunia.com/advisories/49013
wordpress.org/extend/plugins/login-with-ajax/changelog/