CVE-2019-14946: XSS
First published: Mon Aug 12 2019(Updated: )
The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ultimate Member | <2.0.52 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14946?
CVE-2019-14946 is a vulnerability in the Ultimate Member plugin before version 2.0.52 for WordPress, which allows for XSS attacks related to UM Roles create and edit operations.
How severe is CVE-2019-14946?
CVE-2019-14946 has a severity score of 5.4, which is considered medium.
How does CVE-2019-14946 affect my website?
If your website uses the Ultimate Member plugin before version 2.0.52 for WordPress, it is vulnerable to XSS attacks when performing UM Roles create and edit operations.
How can I fix CVE-2019-14946?
To fix CVE-2019-14946, you should update the Ultimate Member plugin to version 2.0.52 or later.
Where can I find more information about CVE-2019-14946?
You can find more information about CVE-2019-14946 on the official WordPress plugins page for Ultimate Member and the WPScan Vulnerability Database.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ultimatemember
- canonical/ultimate member