WordPress Plugin Vulnerabilities
Ultimate Member < 2.1.7 - Unauthenticated Open Redirect
Description
The Ultimate Member WordPress plugin was affected by an unauthenticated open redirect on the registration and login pages, where the "redirect_to" GET parameter was used.
Proof of Concept
https://www.example.com/register/?redirect_to=https://www.evil.com/
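A way to look for this pattern in web server access logs, as an added example that is not part of the original advisory or the plugin's code. It assumes combined-format log lines, that the site's host is `www.example.com`, and that the registration and login pages live at `/register/` and `/login/`; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "www.example.com"           # assumption: the site's own host name
AUTH_PATHS = ("/register/", "/login/")  # assumption: page slugs on this site
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def offsite_target(value, site_host=SITE_HOST):
    """Return the external host a redirect_to value points at, or None if on-site."""
    # Browsers treat backslashes like slashes, so normalise before parsing.
    cleaned = value.strip().replace("\\", "/")
    try:
        host = urlsplit(cleaned).hostname
    except ValueError:
        return "unparseable"            # malformed authority: worth a manual look
    if host is None or host.lower() == site_host:
        return None                     # relative path or same-site URL
    return host.lower()

def flag_redirects(log_lines):
    """Yield (path, external_host) for auth-page requests with off-site redirect_to."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.startswith(AUTH_PATHS):
            continue
        # parse_qs percent-decodes, so encoded values are compared in decoded form.
        for value in parse_qs(target.query).get("redirect_to", []):
            host = offsite_target(value)
            if host:
                hits.append((target.path, host))
    return hits

# Constructed sample lines (documentation IP ranges, hosts taken from the page).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Aug/2020:10:01:02 +0000] "GET /register/?redirect_to=https://www.evil.com/ HTTP/1.1" 200 5123',
    '203.0.113.8 - - [12/Aug/2020:10:01:09 +0000] "GET /login/?redirect_to=%2F%2Fwww.evil.com%2Fa HTTP/1.1" 200 4980',
    '198.51.100.4 - - [12/Aug/2020:10:02:00 +0000] "GET /login/?redirect_to=%2Faccount%2F HTTP/1.1" 200 4980',
    '198.51.100.5 - - [12/Aug/2020:10:02:30 +0000] "GET /register/?redirect_to=https%3A%2F%2Fwww.example.com%2Fuser%2F HTTP/1.1" 200 5123',
    '198.51.100.6 - - [12/Aug/2020:10:03:00 +0000] "GET /blog/?redirect_to=https://www.evil.com/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for path, host in flag_redirects(SAMPLE_LOG):
        print(f"off-site redirect_to on {path}: {host}")
```

The same host comparison, applied before the redirect is issued, is the shape of the server-side check; WordPress core provides `wp_validate_redirect()` and `wp_safe_redirect()` for that purpose.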
Affects Plugins
References
Classification
Type
REDIRECT
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
Ryan
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-08-12
Added
2020-08-12
Last Updated
2020-08-13