WordPress Ultimate Member Plugin <= 1.3.28 - Reflected Cross Site Scripting
- Ultimate Member
- Because of this vulnerability, attackers cat steal administrator's cookies, credentials and browser history and modify web page content to perform phishing attacks.
- Update the plugin.
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- Name CVE-N/A
Fixed In 1.3.29
- Disclosure date