Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14946)

Description

The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP OAuth Server (OAuth Authentication) Security Bypass (3.1.4)

WordPress Plugin Register Plus Redux 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities (3.6.1)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2012-4557)

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.4)

Sqlite Incorrect Conversion between Numeric Types Vulnerability (CVE-2019-19317)

Severity

Medium

Classification

CVE-2019-14946 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities