ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ultimate Member Plugin <= 1.2.994 - Cross Site Scripting

Product
Ultimate Member
Description
This plugin is prone to a cross site scripting vulnerability, because attackers load data from a location. After that, data from that location is output on the target domain and JavaScript is executed under the context of the current user of the site.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Research-G0blin
CVE
Name CVE-N/A
Versions
Affected In <= 1.2.994
Fixed In 1.2.995
Disclosure date
2015-06-18
Credits
James Hooker