6.4
CVE-2022-1208
- EPSS 0.28%
- Veröffentlicht 13.06.2022 13:15:10
- Zuletzt bearbeitet 21.11.2024 06:40:15
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginUltimate Member <= 2.3.2 - Stored Cross-Site Scripting
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was only partially fixed in version 2.3.2.
Mögliche Gegenmaßnahme
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.4.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
Version
*-2.3.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ultimatemember ≫ Ultimate Member SwPlatformwordpress Version <= 2.3.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.511 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
| security@wordfence.com | 6.4 | 3.1 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
|