{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T05:04:58.040","vulnerabilities":[{"cve":{"id":"CVE-2022-1209","sourceIdentifier":"security@wordfence.com","published":"2022-05-10T20:15:08.407","lastModified":"2026-04-08T19:17:49.640","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1."},{"lang":"es","value":"El plugin Ultimate Member para WordPress es vulnerable a redireccionamientos abiertos debido a una comprobación insuficiente de las URL suministradas en los campos social de la Página de Perfil, lo que hace posible que atacantes redirijan a víctimas desprevenidas en versiones hasta la 2.3.1 incluyéndola, concediendo a la víctima un clic en un icono social en la página de perfil de un usuario"}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.3.1","matchCriteriaId":"5C25D964-CA5C-4690-8EB4-9723DF8393FF"}]}]}],"references":[{"url":"https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md","source":"security@wordfence.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ultimatemember/ultimatemember/issues/989","source":"security@wordfence.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/ultimatemember/ultimatemember/pull/990","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d?source=cve","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://github.com/H4de5-7/vulnerabilities/blob/main/Ultimate%20Member%20%3C%3D%202.3.1%20-%20Open%20Redirect.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ultimatemember/ultimatemember/issues/989","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/ultimatemember/ultimatemember/pull/990","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1209","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}