Description

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

Remediation

References

CVE-2018-6944

Related Vulnerabilities

WordPress Plugin On Page SEO + Social Live Chat (Formerly OPS) Cross-Site Scripting (1.0.1)

WordPress Plugin Product Catalog Multiple Vulnerabilities (3.1.2)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7679)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2015-0228)

WordPress Plugin Ninja Forms with File Uploads Extension Multiple Vulnerabilities (3.0.22)

Severity

Medium

Classification

CVE-2018-6944 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities