CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Ultimatemember: >> User Profile & Membership >> 2.0.7 Security Vulnerabilities

CVE-2018-10234

Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page.

CVSS Score

4.8

EPSS Score

0.004

Published

2018-04-23

Page 1

Vulnerabilities

Vulnerable Software

Ultimatemember: >> User Profile & Membership >> 2.0.7 Security Vulnerabilities

Products

Pricing

Contact Us