WordPress Plugin Vulnerabilities

Ultimate Member < 2.3.2 - Open Redirect

Description

The plugin is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.3.2

References

CVE
CVE-2022-1209
URL
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ruijie Li
Verified
Yes
WPVDB ID
504f896c-44bb-4452-a66a-e15fc508e6c2

Timeline

Publicly Published
2022-04-29 (about 4 years ago)
Added
2022-04-30 (about 4 years ago)
Last Updated
2022-05-01 (about 4 years ago)

Other

Published
Title
Published
2025-04-01
Title
Integration of Zoho CRM and Contact Form 7 <= 1.0.7 - Open Redirect
Published
2024-04-29
Title
Share This Image < 1.99 - Open Redirect
Published
2025-03-27
Title
Automation By Autonami < 3.5.2 - Open Redirect
Published
2024-04-11
Title
FV Flowplayer Video Player < 7.5.45.7212 - Authenticated (Contributor+) Arbitrary Redirect
Published
2014-08-01
Title
WordPress 3.6 - Multiple Script Arbitrary Site Redirect