CVE-2018-16285: XSS
First published: Thu Sep 06 2018(Updated: )
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| UserPro | <=4.9.23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this UserPro plugin vulnerability?
The vulnerability ID for this UserPro plugin vulnerability is CVE-2018-16285.
What is the severity of CVE-2018-16285?
The severity of CVE-2018-16285 is medium with a CVSS score of 6.1.
How does the UserPro plugin through 4.9.23 for WordPress allow XSS?
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
Which version of the UserPro plugin is affected by CVE-2018-16285?
The UserPro plugin version up to 4.9.23 is affected by CVE-2018-16285.
Is there a fix available for CVE-2018-16285?
Please update to a fixed version of the UserPro plugin.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/userproplugin
- canonical/userpro
- version/userpro/4.9.23