Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

On February 28th, 2024, during the Wordfence second Bug Bounty Extravaganza, they received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject malicious web scripts.

Props to stealthcopter who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $563.00 for this discovery during our Bug Bounty Program Extravaganza. Our mission is to Secure the Web, so we are proud to continue investing in vulnerability research like this and collaborating with researchers of this caliber through our Bug Bounty Program. This demonstrates that we are not only committed to investing in making the WordPress ecosystem more secure, but also the entire web.

All sites using the Wordfence plugin are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Cross-Site Scripting protection.

Wordfence provided full disclosure details to the Ultimate Member Team on March 2, 2024, and received a response on March 4, 2024. The developer released a patch on March 6, 2024. We would like to commend the Ultimate Member Team for their prompt response and timely patch.

We urge users to update their sites with the latest patched version of Ultimate Member, which is version 2.8.4, as soon as possible.

Source and more details: https://www.wordfence.com/blog/2024/03/unauthenticated-stored-xss-vulnerability-patched-in-ultimate-member-wordpress-plugin/