WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10872)

Description

The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.

Remediation

References

Related Vulnerabilities

Internet Information Services Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-1999-0861)

PHP Other Vulnerability (CVE-2000-0059)

MySQL CVE-2018-3285 Vulnerability (CVE-2018-3285)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0828)

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3298)

Severity

Medium

Classification

CVE-2016-10872 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities