← back
CVE-2018-17866

CVE-2018-17866

EPSS 1.6%
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://serhack.me/articles/ultimate-member-xss-security-issuehttps://wordpress.org/plugins/ultimate-member/#developershttps://wpvulndb.com/vulnerabilities/9615