3 matches found
CVE-2022-1208
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected...
WordPress Ultimate Member Plugin <= 2.3.2 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ultimatemember:ultimatemember"; ifdescription...
CVE-2022-1208
The CVE-2022-1208 entry concerns the WordPress Ultimate Member plugin. A stored cross-site scripting (XSS) flaw exists in the Biography field on individual user profile pages due to insufficient input sanitization and output escaping, allowing HTML-encoded scripts to be reflected on the page. Aff...