Ultimate Member < 2.1.20 – Authenticated Reflected Cross-Site Scripting (XSS) | CVE 2021-24306

Description

The plugin did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the related logged in user open a malicious link.

Proof of Concept

Log on to the blog and open the following link: https://example.com/user/[your username]/?"><script>alert("XSS")</script>

Affects Plugins

ultimate-member

Fixed in 2.1.20

References

CVE

CVE-2021-24306

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.4 (medium)

Miscellaneous

Original Researcher

riki aji

Submitter

System_r

Verified

Yes

WPVDB ID

35516555-c50c-486a-886c-df49c9e51e2c

Timeline

Publicly Published

2021-05-07 (about 3 years ago)

Added

2021-05-07 (about 3 years ago)

Last Updated

2021-05-08 (about 3 years ago)

Other

Published

Title

Published

2015-10-05

Title

ResAds <= 1.0.1 - Reflected Cross-Site Scripting (XSS)

Published

2024-05-01

Title

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Contributor+ Stored XSS

Published

2024-04-15

Title

Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting

Published

2022-12-08

Title

Product list Widget for Woocommerce <= 1.0 - Reflected XSS

Published

2020-01-16

Title

Chained Quiz < 1.1.8.2 - Unauthenticated Reflected XSS