CVE-2022-1209

Sažetak

The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.

Reference

https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md
https://github.com/ultimatemember/ultimatemember/issues/989
https://github.com/ultimatemember/ultimatemember/pull/990
https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-01-2024 - 09:15

Objavljeno

10-05-2022 - 20:15