CVE-2022-4762

The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

PT-2019-7668 · WordPress · Ultimate Member

Name of the Vulnerable Software and Affected Versions: Ultimate-member plugin versions prior to 1.3.40 Description: The issue concerns a Cross-Site Scripting XSS flaw located on the login form. Recommendations: For versions prior to 1.3.40, update to version 1.3.40 or later to resolve the issue...