CVE-2024-4133

Name of the Vulnerable Software and Affected Versions The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress versions prior to 4.0.31

Description The issue is due to insufficient validation on the redirect url supplied via the redirect to parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Recommendations For versions up to and including 4.0.30, update to a version later than 4.0.30 to resolve the issue. As a temporary workaround, consider restricting the use of the redirect to parameter until a patch is available.