ThreatPress

WordPress Vulnerabilities Database

Back

WordPress UserPro plugin <= 4.9.33 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Product
Userpro
Description
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress UserPro plugin (versions <= 4.9.33).
Solution
27 August 2019 - no patched version available.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2019-14470
Versions
Affected In <= 4.9.33
Disclosure date
2019-08-27
Submitter
ThreatPress