User Access Manager <= 2.0.8 – Authenticated Reflected Cross-Site Scripting (XSS)

Affects Plugins

user-access-manager

Fixed in 2.0.9

References

URL

https://www.defensecode.com/advisories/DC-2017-01-021_WordPress_User_Access_Manager_Plugin_Advisory.pdf

URL

https://seclists.org/bugtraq/2017/May/31

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

Yes

WPVDB ID

b0c6828b-44c1-4772-9b05-fb5afda6d386

Timeline

Publicly Published

2017-05-11 (about 9 years ago)

Added

2017-05-12 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2024-10-15

Title

Digitally <= 1.0.8 - Reflected Cross-Site Scripting

Published

2025-03-22

Title

ZenphotoPress <= 1.8 - Reflected Cross-Site Scripting

Published

2023-09-25

Title

PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS

Published

2024-10-31

Title

Media Library Tools < 1.5.0 - Author+ Stored XSS via SVG

Published

2023-10-16

Title

Contact Form Builder, Contact Widget <= 2.1.7 - Reflected XSS