CVE-2022-1209

Exploit

EPSS 0.69%
Veröffentlicht 10.05.2022 20:15:08
Zuletzt bearbeitet 08.04.2026 19:17:49
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Ultimate Member <= 2.3.1 - Arbitrary Redirect

The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.

Mögliche Gegenmaßnahme

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin: Update to version 2.3.2, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ultimatemember ≫ Ultimate Member SwPlatformwordpress Version <= 2.3.1

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Version *-2.3.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.48

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md

Third Party Advisory

Exploit

https://github.com/ultimatemember/ultimatemember/issues/989

Third Party Advisory

Exploit

Issue Tracking

https://github.com/ultimatemember/ultimatemember/pull/990

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d?source=cve

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1209

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1209

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1209

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-1209