Description

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.

Remediation

References

CVE-2019-14947

Related Vulnerabilities

WordPress Plugin Sniplets Multiple Input Validation Vulnerabilities (1.2.2)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.9)

WordPress Plugin Yandex Money button Cross-Site Scripting (2.3.3)

MySQL CVE-2014-6469 Vulnerability (CVE-2014-6469)

WordPress Plugin 2Way VideoCalls and Random Chat-HTML5 Webcam Videochat Cross-Site Scripting (4.41)

Severity

Medium

Classification

CVE-2019-14947 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities