WordPress Plugin Vulnerabilities

Ultimate Member < 2.0.4 - Multiple XSS

Description

The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin was affected by a Multiple XSS security vulnerability.

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.0.4

References

CVE
CVE-2018-6944
CVE
CVE-2018-6943
URL
https://packetstormsecurity.com/files/#146403/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Verified
No
WPVDB ID
1afcaa72-6063-41f1-baec-8f4801d9220a

Timeline

Publicly Published
2018-02-14 (about 8 years ago)
Added
2019-08-24 (about 6 years ago)
Last Updated
2020-08-12 (about 5 years ago)

Other

Published
Title
Published
2015-08-05
Title
WordPress <= 4.2.3 - Widgets Title Cross-Site Scripting (XSS)
Published
2023-05-30
Title
AI-Engine < 1.6.83 - Admin+ Stored XSS
Published
2021-08-09
Title
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
Published
2022-12-02
Title
Chained Quiz < 1.3.2.1 - Multiple Reflected Cross-Site Scripting
Published
2025-01-25
Title
WC Affiliate – A Complete WooCommerce Affiliate Plugin < 2.5 - Reflected Cross-Site Scripting