WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9304)

Description

The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.

Remediation

References

Related Vulnerabilities

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1893)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.10.7)

WordPress Plugin WP Fastest Cache SQL Injection (0.8.7.4)

WordPress Plugin Product Reviews Import Export for WooCommerce CSV Injection (1.4.8)

Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8861)

Severity

Medium

Classification

CVE-2015-9304 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities