WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate Member < 2.0.22 - Authenticated Cross-Site Scripting (XSS)

Description

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

ultimate-member
Fixed in version 2.0.22

References

URL
https://plugins.trac.wordpress.org/changeset/1922149/ultimate-member

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter

Ryan Dewhurst

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
0931056f-f13c-4eeb-874b-e708895fcb26

Timeline

Publicly Published

2018-08-10 (about 4 years ago)

Added

2018-08-13 (about 4 years ago)

Last Updated

2020-08-12 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin