Lucene search
WPScanCVELIST:CVE-2021-24306HistoryMay 24, 2021 - 10:58 a.m.
CVE-2021-24306 Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
2021-05-2410:58:05
CWE-79
WPScan
www.cve.org
3
cve-2021-24306
ultimate member
authenticated reflected cross-site scripting
EPSS
0.001
Percentile
24.8%
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user’s own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the related logged in user open a malicious link.
CNA Affected
[
{
"product": "Ultimate Member – User Profile, User Registration, Login & Membership Plugin",
"vendor": "Ultimate Member",
"versions": [
{
"lessThan": "2.1.20",
"status": "affected",
"version": "2.1.20",
"versionType": "custom"
}
]
}
]Related
openvas
openvas
WordPress Ultimate Member Plugin < 2.1.20 XSS Vulnerability
2021-06-29 00:00:00
prion
prion
Cross site scripting
2021-05-24 11:15:00
cnvd
cnvd
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-59602)
2021-06-29 00:00:00
wpvulndb
wpvulndb
wpexploit
wpexploit
patchstack
patchstack
nvd
nvd
CVE-2021-24306
2021-05-24 11:15:08
osv
osv
CVE-2021-24306
2021-05-24 11:15:08
cve
cve
CVE-2021-24306
2021-05-24 11:15:08