WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Ultimate Member < 2.1.7 - Unauthenticated Open Redirect

Description

The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirect_to" GET parameter was used.

Proof of Concept

https://www.example.com/register/?redirect_to=https://www.evil.com/

Affects Plugins

ultimate-member
Fixed in version 2.1.7

References

URL
https://github.com/ultimatemember/ultimatemember/commit/c466e3d3d014a7e12850467372bdbabe6c474db2
URL
https://wordpress.org/support/topic/redirect_to-in-querystring-vulnerability/

Classification

Type

REDIRECT

OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Submitter

Ryan

Verified

No

WPVDB ID
97823f41-7614-420e-81b8-9e735e4c203f

Timeline

Publicly Published

2020-08-12 (about 2 years ago)

Added

2020-08-12 (about 2 years ago)

Last Updated

2020-08-13 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin