Ultimate Member – User Profile & Membership Plugin STORED XSS
Published at October 6, 2018 – 1 min read
Product: Ultimate Member – User Profile & Membership Plugin
Version: 2.0.27 or earlier
Potential users affected: 100,000+
CVE: CVE-2018-17866
Ultimate Member is one of the many user profile & membership plugins for WordPress. The plugin makes it a breeze for users to sign-up and become members of your website. The plugin allows you to add user profiles to your site and is suitable for creating advanced online communities and membership sites. Lightweight and highly extendible, Ultimate Member will enable you to create almost any type of site where users can join and become members with absolute ease.
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the “Ultimate Member - User Profile & Membership” plugin through 2.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the “Primary button Text” or “Second button text” field.
- Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) (CWE-79)
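The underlying bug class is an admin-configurable string (a button label) being written into the login form's HTML without output escaping. The following PHP is an added illustration and is not Ultimate Member's own code: the option keys (`primary_btn_word`, `secondary_btn_word`), the two render functions and the sample values are assumptions constructed for this example. It shows the unescaped pattern next to the hardened form that escapes for the context the value lands in (`esc_attr()` for an attribute, `esc_html()` for element text) and sanitizes on save, which is how a WordPress plugin is expected to handle such fields. The shims let it run with plain `php` outside WordPress; inside WordPress the real functions are used.

```php
<?php
// Added example, not Ultimate Member's code. Simulates a login form whose
// button labels are read from plugin options and rendered into HTML.

// Shims so the script runs outside WordPress; WordPress defines the real ones.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    // Minimal stand-in for WordPress's sanitize_text_field(): strip tags and
    // control characters, collapse surrounding whitespace.
    function sanitize_text_field(string $text): string {
        $text = strip_tags($text);
        $text = preg_replace('/[\x00-\x1F\x7F]/', '', $text);
        return trim($text);
    }
}

// Constructed sample values (assumption): labels that carry markup and an
// attribute-breaking quote, i.e. the kind of input that must be neutralized.
$submitted = [
    'primary_btn_word'   => 'Login"><b>injected</b>',   // constructed
    'secondary_btn_word' => '<i>Register</i> now',       // constructed
];

// Vulnerable pattern: raw option values concatenated into HTML.
function render_buttons_unescaped(array $opts): string {
    return '<input type="submit" value="' . $opts['primary_btn_word'] . '">'
         . '<a href="/register">' . $opts['secondary_btn_word'] . '</a>';
}

// Hardened pattern: escape at output for the exact context.
function render_buttons_escaped(array $opts): string {
    return '<input type="submit" value="' . esc_attr($opts['primary_btn_word']) . '">'
         . '<a href="/register">' . esc_html($opts['secondary_btn_word']) . '</a>';
}

// Defense in depth: also sanitize when the setting is saved, so the stored
// value never contains tags in the first place. Output escaping stays
// mandatory because stored data may predate the fix or come from elsewhere.
function save_button_options(array $submitted): array {
    return [
        'primary_btn_word'   => sanitize_text_field($submitted['primary_btn_word']),
        'secondary_btn_word' => sanitize_text_field($submitted['secondary_btn_word']),
    ];
}

echo "Unescaped output (markup survives):\n"
   . render_buttons_unescaped($submitted) . "\n\n";
echo "Escaped output (markup rendered as literal text):\n"
   . render_buttons_escaped($submitted) . "\n\n";
echo "Escaped output after sanitize-on-save:\n"
   . render_buttons_escaped(save_button_options($submitted)) . "\n";
```

When reviewing a plugin for this class of bug, the check is mechanical: find every `echo`/concatenation of a value from `get_option()` or a form-builder setting into HTML and confirm it passes through the escaping function matching its context. A value is not safe just because only administrators can set it; WordPress treats unescaped output as a vulnerability regardless of who stored the value.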
Proof of Concept
- 2018-10-01 Found issue and asked for a CVE
- 2018-10-02 Contacted support team of Ultimate Member
- 2018-10-05 Issues resolved and version 2.0.28 released
- 2018-10-06 Article release