Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin | allinfosecnews.com

March 8, 2024, 7:18 p.m. | István Márton

Wordfence www.wordfence.com

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject malicious web scripts. Props to stealthcopter who discovered and responsibly reported this vulnerability through ...
Read More

The post Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin appeared first on Wordfence.

bounty bug bug bounty can cross-site february inject malicious plugin research scripting scripts stored xss submission ultimate member unauthenticated vulnerabilities vulnerability web wordpress wordpress plugin wordpress security xss

More from www.wordfence.com / Wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024) 2 days, 14 hours ago | www.wordfence.com

all in bounty bug bug bounty +22

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024) 1 week, 2 days ago | www.wordfence.com

contributed database intelligence may +16

Up to 30X Faster PHP Malware Scans with Wordfence CLI 4.0.1 1 week, 3 days ago | www.wordfence.com

can cli malware malware scanner +11

The Wordfence Affiliate Program Officially Launches Today 1 week, 4 days ago | www.wordfence.com

advocates affiliate clients community +12

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024) 2 weeks, 2 days ago | www.wordfence.com

bounty bug bug bounty disclosure +16

30,000 WordPress Sites affected by Arbitrary SQL Execution Vulnerability Patched in Visualizer WordPress Plugin 2 weeks, 3 days ago | www.wordfence.com

plugin research sql vulnerabilities +6

Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program 2 weeks, 4 days ago | www.wordfence.com

bounties bounty bug bug bounty +15

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024) 3 weeks, 2 days ago | www.wordfence.com

april bounty bug bug bounty +17

$563 Bounty Awarded for Reflected Cross-Site Scripting Vulnerability Patched in Yoast SEO WordPress Plugin 3 weeks, 5 days ago | www.wordfence.com

april bounty bug bug bounty +17

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com