3 matches found
CVE-2021-24306
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue...
CVE-2021-24306
The vulnerability CVE-2021-24306 affects the WordPress plugin Ultimate Member – User Profile, User Registration, Login & Membership, before version 2.1.20. The root cause is inadequate sanitization/validation/encoding of the query string when generating a link to edit a user’s own profile, enabli...
CVE-2021-24306 Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue...