Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2018-17866

CVE, Research URL: CVE-2018-17866
Home page URL: Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Application: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Published on: Oct 10, 2018
Research Description: Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
Affected versions: max 2.0.28.
Status: vulnerable

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &amp; Membership Plugin, CVE-2018-17866