WordPress Ultimate Member Plugin <= 1.3.28 - Reflected Cross Site Scripting

Back

Product: Ultimate Member
Description: Because of this vulnerability, attackers cat steal administrator's cookies, credentials and browser history and modify web page content to perform phishing attacks.
Solution: Update the plugin.
Classification: Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References: SecLists
CVE: Name CVE-N/A
Versions: Affected In <= 1.3.28
Fixed In 1.3.29
Disclosure date: 2015-12-02
Submitter: ThreatPress