all InfoSec news
Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin
Malware Analysis, News and Indicators - Latest topics malware.news
On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject malicious web scripts.
Props to stealthcopter who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $563.00 for this discovery during our Bug Bounty Program Extravaganza. Our mission …
bounty bug bug bounty can cross-site february inject malicious plugin scripting scripts stored xss submission ultimate member unauthenticated vulnerability web wordpress wordpress plugin xss