WordPress Plugin Vulnerabilities

Ultimate Member < 2.1.7 - Unauthenticated Open Redirect

Description

The Ultimate Member WordPress plugin was vulnerable to an Unauthenticated Open Redirect vulnerability, affecting the registration and login pages where the "redirect_to" GET parameter was used.

Proof of Concept

https://www.example.com/register/?redirect_to=https://www.evil.com/

Affects Plugins

Plugin icon
ultimate-member
Fixed in 2.1.7

References

URL
https://github.com/ultimatemember/ultimatemember/commit/c466e3d3d014a7e12850467372bdbabe6c474db2
URL
https://wordpress.org/support/topic/redirect_to-in-querystring-vulnerability/

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Submitter
Ryan
Verified
No
WPVDB ID
97823f41-7614-420e-81b8-9e735e4c203f

Timeline

Publicly Published
2020-08-12 (about 3 years ago)
Added
2020-08-12 (about 3 years ago)
Last Updated
2020-08-13 (about 3 years ago)

Other

Published
Title
Published
2021-04-29
Title
AcyMailing < 7.5.0 - Open Redirect
Published
2021-08-25
Title
Nested Pages < 3.1.16 - Open Redirect
Published
2023-02-27
Title
WP Meta SEO < 4.5.3 - Subscriber+ Improper Authorization causing Arbitrary Redirect
Published
2023-12-27
Title
Advanced Access Manager < 6.9.19 - Open Redirect
Published
2021-12-22
Title
Event Tickets < 5.2.2 - Open Redirect