WordPress Plugin Vulnerabilities

Ultimate Member < 2.3.2 - Open Redirect

Description

The plugin is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims

Affects Plugins

ultimate-member

Fixed in version 2.3.2

References

CVE

CVE-2022-1209

URL

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209

Classification

Type

REDIRECT

OWASP top 10

A1: Injection

CWE

CWE-601

Miscellaneous

Original Researcher

Ruijie Li

Verified

Yes

WPVDB ID

504f896c-44bb-4452-a66a-e15fc508e6c2

Timeline

Publicly Published

2022-04-29 (about 9 months ago)

Added

2022-04-30 (about 9 months ago)

Last Updated

2022-05-01 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin