Ultimate Member <= 2.3.1 - Open Redirect
CVE-2022-1209

3.5LOW

Key Information:

Vendor: Wordpress
Status: Ultimate Member
Vendor: CVE Published:; 10 May 2022

What is CVE-2022-1209?

The Ultimate Member plugin for WordPress is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1 granted the victim clicks on a social icon on a user's profile page.

Affected Version(s)

Ultimate Member 2.3.1

References

https://github.com/H4de5-7/vulnerabilities/blob/main/Ulti...

x_refsource_MISC

https://github.com/ultimatemember/ultimatemember/issues/989

x_refsource_MISC

https://github.com/ultimatemember/ultimatemember/pull/990

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Apr 1, 2022

Credit

Ruijie Li

Wordpress

What is CVE-2022-1209?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit