Описание
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
Ссылки
- ExploitThird Party Advisory
- ProductRelease NotesThird Party Advisory
- ExploitThird Party Advisory
- ProductRelease NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.28 (исключая)
cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 48%
0.00248
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
EPSS
Процентиль: 48%
0.00248
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79