CVE-2025-13220 | Ultimate Member Plugin up to 2.11.0 on WordPress Shortcode cross site scripting

Inserito da Angelo Barbosa | Dic 20, 2025 | CVE

A vulnerability was found in Ultimate Member Plugin up to 2.11.0 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2025-13220. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-13220 | Ultimate Member Plugin up to 2.11.0 on WordPress Shortcode cross site scripting

Post correlati

CVE-2024-12898 | 1000 Projects Attendance Tracking Management System 1.0 faculty_action.php faculty_course_id sql injection

CVE-2024-30309 | Adobe Substance 3D Painter up to 9.1.2 out-of-bounds (apsb24-31)

CVE-2023-46820 | Iulia Cazan Image Regenerate & Select Crop Plugin up to 7.3.0 on WordPress information disclosure

CVE-2023-48259 | Rexroth Nexo Cordless Nutrunner up to V1500-SP2 HTTP Request sql injection