SerHack - Developer and Security

SerHack

Developer - Security engineer

[email protected]

Ultimate Member – User Profile & Membership Plugin STORED XSS

by SerHack


Product: Ultimate Member – User Profile & Membership Plugin
Version: 2.0.27 or earlier
URL: https://wordpress.org/plugins/ultimate-member/
Potential users affected: 100.000+
CVE : CVE-2018-17866

Description

Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin through 2.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.

Proof of Concept

Timelaps

2018-10-01 Found issue and asked for a CVE
2018-10-02 Contacted support team of Ultimate Member
2018-10-05 Issues resolved and version 2.0.28 released
2018-10-06 Article released