CVE-2018-6944

2018-02-1614:29:00

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.

CPENameOperatorVersion
ultimatemembereq1.3.88.4
ultimatemembereq1.3.44
ultimatemembereq1.3.39
ultimatemembereq1.3.59
ultimatemembereq1.3.42
ultimatemembereq1.3.88.1
ultimatemembereqpre-v1.3.69.16
ultimatemembereqpre-v1.3.69.23
ultimatemembereq1.3.71
ultimatemembereq1.3.65

Name	Operator	Version
ultimatemember	eq	1.3.88.4
ultimatemember	eq	1.3.44
ultimatemember	eq	1.3.39
ultimatemember	eq	1.3.59
ultimatemember	eq	1.3.42
ultimatemember	eq	1.3.88.1
ultimatemember	eq	pre-v1.3.69.16
ultimatemember	eq	pre-v1.3.69.23
ultimatemember	eq	1.3.71
ultimatemember	eq	1.3.65