Lucene search
GoogleOSV:CVE-2022-1209HistoryMay 10, 2022 - 8:15 p.m.
CVE-2022-1209
2022-05-1020:15:08
Google
osv.dev
8
wordpress
ultimate member
arbitrary redirects
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.
References
github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md
github.com/ultimatemember/ultimatemember/issues/989
github.com/ultimatemember/ultimatemember/pull/990
www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d?source=cve
www.wordfence.com/vulnerability-advisories/#CVE-2022-1209
Related
patchstack
patchstack
WordPress Ultimate Member plugin <= 2.3.1 - Open Redirect vulnerability
2022-05-01 00:00:00
nvd
nvd
CVE-2022-1209
2022-05-10 20:15:08
prion
prion
Input validation
2022-05-10 20:15:00
cnvd
cnvd
WordPress Ultimate Member plugin arbitrary redirection vulnerability
2022-05-12 00:00:00
cvelist
cvelist
CVE-2022-1209
2022-05-10 19:34:42
wpvulndb
wpvulndb
Ultimate Member < 2.3.2 - Open Redirect
2022-04-29 00:00:00
cve
cve
CVE-2022-1209
2022-05-10 20:15:08
openvas
openvas
WordPress Ultimate Member Plugin <= 2.3.1 Open Redirect Vulnerability
2022-05-11 00:00:00