Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-3v3h-r6wq-rvgg

Опубликовано: 13 мар. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 7.2

Описание

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Ссылки

EPSS

Процентиль: 97%
0.4129
Средний

7.2 High

CVSS3

CVE ID

CVE-2024-2123

Связанные уязвимости

nvd логотип

CVE-2024-2123

CVSS3: 7.2
nvd
почти 2 года назад

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS

Процентиль: 97%
0.4129
Средний

7.2 High

CVSS3

CVE ID

CVE-2024-2123