Описание
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.
Ссылки
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.1 (включая)
cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 56%
0.00334
Низкий
4.3 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
The Ultimate Member plugin for WordPress is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1 granted the victim clicks on a social icon on a user's profile page.
EPSS
Процентиль: 56%
0.00334
Низкий
4.3 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2