On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject malicious web scripts. Props to stealthcopter who discovered and responsibly reported this vulnerability through …
Read More
The post Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence