Medium severity6.1NVD Advisory· Published Sep 6, 2018· Updated Jun 17, 2026
CVE-2018-16285
CVE-2018-16285
Description
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=4.9.23+ 1 more
- (no CPE)range: <=4.9.23
- (no CPE)range: <=4.9.23
Patches
Vulnerability mechanics
References
2- risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.htmlnvdExploitTechnical DescriptionThird Party Advisory
- wpvulndb.com/vulnerabilities/9124nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.