Vulnerability Details CVE-2018-16285
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2018-16285
-
cpe:2.3:a:userproplugin:userpro:-
-
cpe:2.3:a:userproplugin:userpro:4.9.17.1
-
cpe:2.3:a:userproplugin:userpro:4.9.19
-
cpe:2.3:a:userproplugin:userpro:4.9.20
-
cpe:2.3:a:userproplugin:userpro:4.9.21
-
cpe:2.3:a:userproplugin:userpro:4.9.22
-
cpe:2.3:a:userproplugin:userpro:4.9.23