Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin, CVE-2018-6943

CVE, Research URL: CVE-2018-6943
Home page URL: Security reports for Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Application: Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Published on: Feb 16, 2018
Research Description: core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
Affected versions: max 2.0.4.
Status: vulnerable

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction &amp; Membership Plugin, CVE-2018-6943