4 matches found
CVE-2024-2123
CVE-2024-2123 : The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is affected by a Stored Cross‑Site Scripting (XSS) in multiple parameters due to insufficient input sanitization and output escaping in versions up to 2...
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than ...
Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin
On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting XSS vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject...
WordPress Ultimate Member Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Member Type Plugin Vulnerable versions = 2.8.3 Fixed in 2.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2123 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4d51add86a5f Credits stealthcopter...