CVE-2016-10872: XSS
First published: Mon Aug 12 2019(Updated: )
The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ultimate Member | <1.3.40 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2016-10872.
What is the severity of CVE-2016-10872?
The severity of CVE-2016-10872 is medium (6.1).
Which software versions are affected by CVE-2016-10872?
The ultimate-member plugin versions up to and excluding 1.3.40 for WordPress are affected by CVE-2016-10872.
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The Common Weakness Enumeration (CWE) ID for CVE-2016-10872 is CWE-79.
How can I fix the XSS vulnerability in the ultimate-member plugin?
To fix the XSS vulnerability, you should update the ultimate-member plugin to version 1.3.40 or newer.
- agent/references
- agent/event
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/author
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ultimatemember
- canonical/ultimate member