Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-1208
HistoryJun 13, 2022 - 1:15 p.m.

CVE-2022-1208

2022-06-1313:15:10
Google
osv.dev
4
wordpress
ultimate member
cross-site scripting

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON

The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was only partially fixed in version 2.3.2.

Related

wpvulndb 1
prion 1
cvelist 1
patchstack 1
nvd 1
cnvd 1
cve 1
openvas 1
wpvulndb
wpvulndb
Ultimate Member < 2.4.0 - Subscriber+ Stored Cross-Site Scripting
2022-06-02 00:00:00
prion
prion
Cross site scripting
2022-06-13 13:15:00
cvelist
cvelist
CVE-2022-1208
2022-06-13 12:43:38
patchstack
patchstack
WordPress Ultimate Member plugin <= 2.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
2022-06-02 00:00:00
nvd
nvd
CVE-2022-1208
2022-06-13 13:15:10
cnvd
cnvd
WordPress Ultimate Member pluginθ·¨η«™θ„šζœ¬ζΌζ΄ž
2022-06-15 00:00:00
cve
cve
CVE-2022-1208
2022-06-13 13:15:10
openvas
openvas
WordPress Ultimate Member Plugin <= 2.3.2 XSS Vulnerability
2022-06-14 00:00:00

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON
Related for OSV:CVE-2022-1208
wpvulndb1prion1cvelist1patchstack1nvd1cnvd1cve1openvas1