WordPress Ultimate Member Plugin URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2022-1209 - Vulnerability Database

WordPress Ultimate Member Plugin URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2022-1209

Medium
Reference: CVE-2022-1209
Title: WordPress Ultimate Member Plugin URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

The Ultimate Member plugin for WordPress is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page which makes it possible for attackers to redirect unsuspecting victims in versions up to and including 2.3.1 granted the victim clicks on a social icon on a user39s profile page.