CVE-2019-13488

A cross-site scripting XSS vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend method is used...

Ultimate Member WordPress Plugin Reflective Cross-Site Scripting Vulnerability

Ultimate Member is a plugin for creating online communities and user templates for WordPress. Ultimate Member 1.3.28 and earlier versions do not effectively filter the value of the "refer" HTTP GET parameter of "wp-admin/users.php" when "update" is set to "confirmdelete", which allows an...