CVE-2021-24306
Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
24 may 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Ultimate Member – User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link to edit user's own profile, leading to an authenticated reflected Cross-Site Scripting issue. Knowledge of the targeted username is required to exploit this, and attackers would then need to make the related logged in user open a malicious link.
Productos afectados
Ultimate Member · Ultimate Member – User Profile, User Registration, Login & Membership Plugin¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →