mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
115 lines
4.0 KiB
JSON
115 lines
4.0 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"AKA": "Wordfence",
|
|
"ASSIGNER": "security@wordfence.com",
|
|
"ID": "CVE-2022-1209",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Ultimate Member <= 2.3.1 - Open Redirect"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Ultimate Member ",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "2.3.1",
|
|
"version_value": "2.3.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "ultimatemember"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Ruijie Li"
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Ultimate Member plugin for WordPress is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1 granted the victim clicks on a social icon on a user's profile page."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.5,
|
|
"baseSeverity": "LOW",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md",
|
|
"name": "https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/ultimatemember/ultimatemember/issues/989",
|
|
"name": "https://github.com/ultimatemember/ultimatemember/issues/989"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/ultimatemember/ultimatemember/pull/990",
|
|
"name": "https://github.com/ultimatemember/ultimatemember/pull/990"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209",
|
|
"name": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Update to version 2.3.2, or newer. "
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |