Lucene search

CVE-2018-10234

🗓️ 23 Apr 2018 14:01:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 24 Views🌐 WEB

Authenticated XSS in User Profile & Membership plugin before 2.0.11 for WordPress

Reporter	Title	Published	Views	Family All 5
NVD	CVE-2018-10234	23 Apr 201814:29	–	nvd
Prion	Cross site scripting	23 Apr 201814:29	–	prion
Cvelist	CVE-2018-10234	23 Apr 201814:00	–	cvelist
Patchstack	WordPress WP Live Chat Support plugin <=8.0.07 - Authenticated Cross-Site Scripting (XSS) vulnerability	17 May 201800:00	–	patchstack
WPVulnDB	WP Live Chat Support < 8.0.08 - Cross-Site Scripting (XSS)	15 May 201800:00	–	wpvulndb

Nvd

Node

ultimatemember user_profile_\&_membershipRange<2.0.11wordpress

Source	Link
wordpress	www.wordpress.org/plugins/ultimate-member/
github	www.github.com/RiieCco/write-ups/tree/master/CVE-2018-10234

Parameter	Position	Path	Description	CWE
Account Deletion Custom Text	request body	/wp-admin/admin.php?page=um_options&section=account	Authenticated Cross-Site Scripting vulnerability in the User Profile & Membership plugin for WordPress.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Apr 2018 14:29Current

5Medium risk

Vulners AI Score5

CVSS23.5

CVSS34.8

EPSS0.00073

CWE-79