WordPress Ultimate Member Plugin URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2022-1209 - Vulnerability Database

WordPress Ultimate Member Plugin URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2022-1209

Medium

Reference: CVE-2022-1209

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-1209

Title: WordPress Ultimate Member Plugin URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Overview:

The Ultimate Member plugin for WordPress is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page which makes it possible for attackers to redirect unsuspecting victims in versions up to and including 2.3.1 granted the victim clicks on a social icon on a user39s profile page.