Vulnerabilities and security researches forbuddyforms-ultimate-member buddyforms-ultimate-member

Jun 06, 2024

CVE, Research URL: 893cfcf44e3c079784f666e461a667cb4f6e2761
Home page URL: Security reports for BuddyForms Ultimate Member
Application: BuddyForms Ultimate Member
Date: Jul 19, 2023
Research Description: BuddyForms Ultimate Member [buddyforms-ultimate-member] < 1.3.8 WordPress BuddyForms Ultimate Member Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) Update the WordPress BuddyForms Ultimate Member plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress BuddyForms Ultimate Member Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.3.8.
Affected versions: Min -, max -.
Status: vulnerable