Description
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26071)
WordPress Plugin Import Social Events Cross-Site Scripting (1.6.6)
Drupal Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2017-6381)