Description
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
Remediation
References
Related Vulnerabilities
Moodle Cleartext Storage of Sensitive Information Vulnerability (CVE-2024-43429)
MySQL CVE-2024-21236 Vulnerability (CVE-2024-21236)
WordPress Plugin Simple Photo Gallery SQL Injection (1.7.9)
PHP Incorrect Conversion between Numeric Types Vulnerability (CVE-2018-5711)
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2505)