Description

The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.

Remediation

References

CVE-2019-14946

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31545)

XWiki Inadequate Encryption Strength Vulnerability (CVE-2022-29161)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788)

WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress Cross-Site Scripting (1.4.0)

WordPress Plugin WPZOOM Portfolio Cross-Site Scripting (1.2.1)

Severity

Medium

Classification

CVE-2019-14946 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities