On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200, 000+ active installations. This vulnerability can be leveraged to inject malicious web scripts. Props to stealthcopter…
Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin
Full Disclosure: This webpage may contain affiliate links, in which the website owner would receive a commission for purchases made. This does not affect your purchase cost.