WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14947)

Description

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade.

Remediation

References

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-6798)

WordPress Plugin Weaver Xtreme Theme Support Cross-Site Scripting (6.2.6)

Liferay Portal CVE-2020-13444 Vulnerability (CVE-2020-13444)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2333)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder SQL Injection (1.29.2)

Severity

Medium

Classification

CVE-2019-14947 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities