WordPress Plugin Vulnerabilities

Ultimate Member < 2.1.7 - Unauthenticated Open Redirect

Description

The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirect_to" GET parameter was used.

Proof of Concept

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.1.7

References

URL
https://github.com/ultimatemember/ultimatemember/commit/c466e3d3d014a7e12850467372bdbabe6c474db2
URL
https://wordpress.org/support/topic/redirect_to-in-querystring-vulnerability/

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Submitter
Ryan
Verified
No
WPVDB ID
97823f41-7614-420e-81b8-9e735e4c203f

Timeline

Publicly Published
2020-08-12 (about 5 years ago)
Added
2020-08-12 (about 5 years ago)
Last Updated
2020-08-13 (about 5 years ago)

Other

Published
Title
Published
2024-06-03
Title
SEOPress < 7.8 - Contributor+ Open Redirect
Published
2014-08-07
Title
Feed Statistics < 4.0 - Open Redirect
Published
2015-08-15
Title
Google Adsense & Hotel Booking <= 1.0.5 - Open Proxy
Published
2018-04-03
Title
WordPress 3.7-4.9.4 - Use Safe Redirect for Login
Published
2025-04-09
Title
Ultimate WP Mail <= 1.3.9 - Open Redirect