Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin | allinfosecnews.com

March 8, 2024, 7:18 p.m. | István Márton

Wordfence www.wordfence.com

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject malicious web scripts. Props to stealthcopter who discovered and responsibly reported this vulnerability through ...
Read More

The post Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin appeared first on Wordfence.

bounty bug bug bounty can cross-site february inject malicious plugin research scripting scripts stored xss submission ultimate member unauthenticated vulnerabilities vulnerability web wordpress wordpress plugin wordpress security xss

More from www.wordfence.com / Wordfence

$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin 2 days, 19 hours ago | www.wordfence.com

bounty bug bug bounty deletion +16

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024) 6 days, 18 hours ago | www.wordfence.com

april bounty bug bug bounty +17

$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin 1 week, 1 day ago | www.wordfence.com

april bounty bug bug bounty +16

$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin 1 week, 5 days ago | www.wordfence.com

bounty bug bug bounty disclosure +18

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024) 1 week, 6 days ago | www.wordfence.com

april bounty bug bug bounty +17

$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin 2 weeks ago | www.wordfence.com

activity log bounty bug bug bounty +21

$1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express … 2 weeks, 2 days ago | www.wordfence.com

bounty bug bug bounty can +19

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024) 2 weeks, 6 days ago | www.wordfence.com

april bounty bug bug bounty +17

Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WordPress Core 3 weeks ago | www.wordfence.com

april block bug cross-site +13

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC

@ SAP | Dublin 24, IE, D24WA02

View on infosec-jobs.com

Product Security Response Engineer

@ Intel | CRI - Belen, Heredia

View on infosec-jobs.com

Application Security Architect

@ Uni Systems | Brussels, Brussels, Belgium

View on infosec-jobs.com

Sr Product Security Engineer

@ ServiceNow | Hyderabad, India

View on infosec-jobs.com

Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)

@ FiscalNote | United Kingdom (UK)

View on infosec-jobs.com