Security Advisory

CVE-2018-17866

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-10-09 22:00:00

Last updated 2024-08-05 11:01:14

Assigner mitre

State PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.

← Browse all CVEs View on cve.org ↗