Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject malicious web scripts.

This post was originally published on Wordfence by István Márton.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.