Vulnerability Description
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.
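The description above boils down to a stored open redirect: a profile owner saves an attacker-chosen URL in a social field, and anyone who clicks the rendered link is sent wherever that URL points. The example below is added here and is not Ultimate Member's code or its actual fix; the function names (um_example_*), the allowed-host map and the sample inputs are all constructed for illustration. It contrasts a substring-style check of the kind that lets such redirects through with an allowlist check that parses the URL, requires an http(s) scheme and no userinfo, and compares the host against the domains the field is meant to hold.

```php
<?php
// Added example (not Ultimate Member's own code): allowlist validation of a
// social-profile URL before it is stored or rendered as a link.
// UM_EXAMPLE_ALLOWED_HOSTS and the um_example_* functions are hypothetical names.

const UM_EXAMPLE_ALLOWED_HOSTS = [
    'twitter'  => ['twitter.com', 'x.com'],
    'facebook' => ['facebook.com'],
    'linkedin' => ['linkedin.com'],
];

/**
 * Weak check of the kind that leaves an open redirect: a substring match
 * accepts "https://evil.example/?u=twitter.com" and "https://twitter.com@evil.example/".
 */
function um_example_weak_check(string $field, string $url): bool {
    foreach (UM_EXAMPLE_ALLOWED_HOSTS[$field] ?? [] as $host) {
        if (strpos($url, $host) !== false) {
            return true;
        }
    }
    return false;
}

/**
 * Hardened check: parse the URL, require an absolute http(s) URL without
 * userinfo, and require the host to be an allowed host or a subdomain of one.
 * Returns a normalised URL rebuilt from the parsed parts, or null if rejected.
 */
function um_example_validate_social_url(string $field, string $url): ?string {
    $allowed = UM_EXAMPLE_ALLOWED_HOSTS[$field] ?? null;
    if ($allowed === null) {
        return null;                       // unknown field: reject
    }
    $url = trim($url);
    // Control characters and embedded whitespace are parsed differently by
    // browsers and by parse_url(); reject rather than guess.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                       // relative, "//host", javascript:, data:, ...
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                       // https://twitter.com@evil.example/
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    $ok = false;
    foreach ($allowed as $a) {
        if ($host === $a || str_ends_with($host, '.' . $a)) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        return null;
    }
    // Rebuild from components so only scheme/host/port/path/query/fragment survive.
    $rebuilt = $scheme . '://' . $host;
    if (isset($parts['port'])) {
        $rebuilt .= ':' . $parts['port'];
    }
    $rebuilt .= $parts['path'] ?? '/';
    if (isset($parts['query'])) {
        $rebuilt .= '?' . $parts['query'];
    }
    if (isset($parts['fragment'])) {
        $rebuilt .= '#' . $parts['fragment'];
    }
    return $rebuilt;
}

// Constructed sample inputs: one legitimate URL and four redirect/scheme tricks.
$samples = [
    'https://twitter.com/someuser',
    'https://evil.example/?u=twitter.com',
    'https://twitter.com@evil.example/',
    'javascript:alert(document.domain)//twitter.com',
    '//evil.example/twitter.com',
];
foreach ($samples as $s) {
    printf("%-48s weak=%-6s hardened=%s\n", $s,
        um_example_weak_check('twitter', $s) ? 'accept' : 'reject',
        um_example_validate_social_url('twitter', $s) ?? 'reject');
}
```

Run with `php example.php` (PHP 8.0 or later for `str_ends_with`). The weak check accepts all five inputs because each contains the string `twitter.com`; the hardened check accepts only the first. In a real plugin the validation belongs at save time and the stored value should still be escaped when rendered, since a scheme or host check does not replace output encoding.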
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ultimatemember | Ultimate Member | <= 2.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D% (Exploit, Third Party Advisory)
- https://github.com/ultimatemember/ultimatemember/issues/989 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/ultimatemember/ultimatemember/pull/990 (Third Party Advisory)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-827
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209 (Third Party Advisory)
FAQ
What is CVE-2022-1209?
CVE-2022-1209 is a vulnerability with a CVSS base score of 4.3 (MEDIUM). The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.
How severe is CVE-2022-1209?
CVE-2022-1209 has been rated MEDIUM with a CVSS base score of 4.3/10. Only the base score is given on this page; see the Wordfence advisory in the references for the full vector and per-metric breakdown.
Is there a patch for CVE-2022-1209?
The references above list the upstream report (ultimatemember/ultimatemember issue 989) and the corresponding fix (pull request 990). Versions up to and including 2.3.1 are affected, so update to a later release. Affected products: Ultimatemember Ultimate Member.