ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ultimate Member plugin <= 2.0.51 - Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities

Product
Ultimate Member
Description
Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities found by m0ns7er in WordPress Ultimate Member plugin (versions <= 2.0.51).
Solution
Update the WordPress Ultimate Member plugin to the latest available version (at least 2.0.52).
Classification
Type Multi
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.0.51
Fixed In 2.0.52
Disclosure date
2019-07-13
Credits
m0ns7er
Submitter
ThreatPress