Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin prior to 2.0.28 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ultimatemember ultimate member |