CVE-2022-1209

Name of the Vulnerable Software and Affected Versions The Ultimate Member plugin for WordPress versions up to, and including, 2.3.1

Description The issue is related to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page. This makes it possible for attackers to redirect unsuspecting victims.

Recommendations For versions up to, and including, 2.3.1, update to a version later than 2.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the social fields of the Profile Page to minimize the risk of exploitation.