CVE-2018-16285
CVE-2018-16285 affects the WordPress WordPress UserPro premium plugin up to version 4.9.23. The vulnerability is an XSS in the shortcode handling: attacker-supplied content passed to the userpro_shortcode_template action is reflected into wp-admin/admin-ajax.php, enabling cross-site scripting. Im...