|Category:||Web application abuses|
|Title:||WordPress Ultimate Member Plugin < 2.1.20 XSS Vulnerability|
|Summary:||The WordPress plugin Ultimate Member is prone to a cross-site scripting (XSS) vulnerability.|
The Ultimate Member plugin does not properly sanitise,
validate or encode the query string when generating a link to edit a user's own profile, leading to
an authenticated reflected XSS issue. Knowledge of the targeted username is required to exploit
this, and attackers would then need to make the related logged-in user open a malicious link.
WordPress Ultimate Member plugin version 2.1.19 and prior.
Update to version 2.1.20 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2021-24306
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|