WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate Member <= 2.0.53 - Cross-Site Scripting (XSS)

Description

The changelog states:

"Added security fixes (XSS)"

Affects Plugins

ultimate-member
Fixed in version 2.0.54

References

CVE
CVE-2019-14945
URL
https://plugins.trac.wordpress.org/changeset/2126761/ultimate-member

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter

Ryan Dewhurst

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
e68c8f73-429e-423b-884e-d03b24142d14

Timeline

Publicly Published

2019-07-22 (about 3 years ago)

Added

2019-08-13 (about 3 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin