Medium severity4.3NVD Advisory· Published May 10, 2022· Updated Apr 8, 2026
CVE-2022-1209
CVE-2022-1209
Description
The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*Range: <=2.3.1
- Range: <=2.3.1
Patches
Vulnerability mechanics
References
5- github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.mdnvdExploitThird Party Advisory
- github.com/ultimatemember/ultimatemember/issues/989nvdExploitIssue TrackingThird Party Advisory
- github.com/ultimatemember/ultimatemember/pull/990nvdThird Party Advisory
- www.wordfence.com/vulnerability-advisories/nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01dnvd
News mentions
0No linked articles in our index yet.