WordPress Plugin Vulnerabilities

Ultimate Member < 2.0.28 - Multiple XSS

Description

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by a Multiple XSS security vulnerability.

Affects Plugins

ultimate-member

Fixed in version 2.0.28

References

CVE

CVE-2018-17866

URL

https://serhack.me/articles/ultimate-member-xss-security-issue

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

WPVDB ID

01e8f289-004c-4817-a3c0-1e3043d1a55e

Timeline

Publicly Published

2018-10-06 (about 4 years ago)

Added

2019-08-23 (about 3 years ago)

Last Updated

2020-08-12 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin