Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2018-10234

CVE, Research URL: CVE-2018-10234
Home page URL: Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Application: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Published on: Apr 23, 2018
Research Description: Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.
Affected versions: max 2.0.11.
Status: vulnerable

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &amp; Membership Plugin, CVE-2018-10234