The ZM Ajax Login & Register WordPress plugin was affected by a Local File Inclusion & XSS security vulnerability.
packetstormsecurity.com/files/132172/
vulners.com/exploitdb/EDB-ID:37200