3 matches found
CVE-2015-8354
CVE-2015-8354 affects the WordPress Ultimate Member plugin (versions prior to 1.3.29). The root cause is lack of input filtering for the _refer parameter in wp-admin/users.php when update=confirm_delete, enabling an unauthenticated attacker to craft a link that executes arbitrary HTML/script in t...
WordPress Ultimate Member 1.3.28 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Ultimate Member WordPress plugin Vendor: Ultimate Member Vulnerable Versions: 1.3.28 and probably prior Tested Version: 1.3.28 Advisory Publication: October 29, 2015 without technical details Vendor Notification: October 29, 2015 Vend...
WordPress Ultimate Member 1.3.28 Cross Site Scripting
Advisory ID: HTB23277 Product: Ultimate Member WordPress plugin Vendor: Ultimate Member Vulnerable Versions: 1.3.28 and probably prior Tested Version: 1.3.28 Advisory Publication: October 29, 2015 without technical details Vendor Notification: October 29, 2015 Vendor Patch: October 31, 2015 Publi...