Lucene search
K

4 matches found

CVE
CVE
added 2024/03/13 9:35 a.m.79 views

CVE-2024-2123

CVE-2024-2123 : The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin for WordPress is affected by a Stored Cross‑Site Scripting (XSS) in multiple parameters due to insufficient input sanitization and output escaping in versions up to 2...

7.2CVSS6.4AI score0.26666EPSS
Exploits0References7Affected Software1
The Hacker News
The Hacker News
added 2024/03/12 9:15 a.m.87 views

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than ...

9.8CVSS7.2AI score0.89431EPSS
Exploits12
Wordfence Blog
Wordfence Blog
added 2024/03/08 7:18 p.m.35 views

Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting XSS vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject...

6.4CVSS5.4AI score0.26666EPSS
Exploits0
Patchstack
Patchstack
added 2024/03/08 12:0 a.m.19 views

WordPress Ultimate Member Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Member Type Plugin Vulnerable versions = 2.8.3 Fixed in 2.8.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2123 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4d51add86a5f Credits stealthcopter...

7.2CVSS5.7AI score0.26666EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder