Ultimate Member – User Profile & Membership Plugin STORED XSS

Published October 6, 2018

XSS Ultimate Member

Product: Ultimate Member – User Profile & Membership Plugin

Version: 2.0.27 or earlier

URL: https://wordpress.org/plugins/ultimate-member/

Potential users affected: 100,000+

CVE: CVE-2018-17866

Ultimate Member

Ultimate Member is one of the many user profile and membership plugins for WordPress. The plugin makes it a breeze for users to sign up and become members of your website. It allows you to add user profiles to your site and is suitable for creating advanced online communities and membership sites. Lightweight and highly extensible, Ultimate Member will enable you to create almost any type of site where users can join and become members with ease.

Description

Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the “Ultimate Member - User Profile & Membership” plugin through 2.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the “Primary button Text” or “Second button text” field.
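As an added illustration, not code from the Ultimate Member plugin, the pattern behind this class of bug: a stored setting such as a button label is echoed into form markup without escaping, shown beside the escaped form a WordPress plugin should use. The render functions, the `$stored_label` value and the fallback `esc_attr()` definition are all constructed here; the fallback exists only so the snippet runs under plain `php` outside WordPress, where the real `esc_attr()` is used instead.

```php
<?php
// Added example, not Ultimate Member code. A setting saved through an admin
// form is still untrusted at output time: once it is stored, it is rendered
// into the login form for every visitor, so a stored payload runs in every
// browser that loads the page.

// Fallback so the snippet runs outside WordPress. Inside WordPress the real
// esc_attr() from wp-includes/formatting.php is defined and this is skipped.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed value standing in for a stored "Primary button Text" option.
// The leading quote is what makes the unescaped version dangerous.
$stored_label = '" autofocus onfocus="alert(1)';

// Vulnerable pattern: the stored option is concatenated straight into an
// HTML attribute, so a quote in the value closes the attribute early and
// anything after it is parsed as new attributes (here an event handler).
function render_button_vulnerable($label) {
    return '<input type="submit" value="' . $label . '">';
}

// Hardened pattern: escape at the point of output, in attribute context.
// Quotes become entities, so the whole string stays inside value="...".
function render_button_hardened($label) {
    return '<input type="submit" value="' . esc_attr($label) . '">';
}

// Self-check: the hardened output must not contain a raw onfocus attribute.
$unsafe = render_button_vulnerable($stored_label);
$safe   = render_button_hardened($stored_label);

echo "Unescaped: ", $unsafe, "\n";
echo "Escaped:   ", $safe, "\n";
echo (strpos($safe, 'onfocus="') === false) ? "hardened output is inert\n"
                                             : "hardened output still injectable\n";
```

The same rule applies to the "Second button text" field and to any other stored option: sanitize on save (for example with `sanitize_text_field()`), and always escape on output with the function matching the context (`esc_attr()` inside attributes, `esc_html()` in element text).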

Vulnerability Type

  • Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) (CWE-79)

Proof of Concept

Timeline

  • 2018-10-01 Found the issue and requested a CVE
  • 2018-10-02 Contacted the Ultimate Member support team
  • 2018-10-05 Issue resolved and version 2.0.28 released
  • 2018-10-06 Article released

About the author

SerHack is a security engineer, developer, and writer. He contributes to the Monero project, a cryptocurrency focused on preserving the privacy of transaction data. Among his publications, Mastering Monero has become one of the best-rated resources for learning about Monero.
