
Test ID:1.3.6.1.4.1.25623.1.0.146188
Category:Web application abuses
Title:WordPress Ultimate Member Plugin < 2.1.20 XSS Vulnerability
Summary:The WordPress plugin Ultimate Member is prone to a cross-site scripting (XSS) vulnerability.
Description:
Summary:
The WordPress plugin Ultimate Member is prone to a cross-site
scripting (XSS) vulnerability.

Vulnerability Insight:
The Ultimate Member plugin does not properly sanitise,
validate or encode the query string when generating a link to edit a user's own profile, leading to
an authenticated reflected XSS issue. Knowledge of the targeted username is required to exploit
this, and attackers would then need to make the related logged-in user open a malicious link.

Affected Software/OS:
WordPress Ultimate Member plugin version 2.1.19 and prior.

Solution:
Update to version 2.1.20 or later.

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-24306
Copyright:Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.