Description
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership version 2.0.33 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 2.0.34 or latest
References
Related Vulnerabilities
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.6)
WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (1.8.1)
WordPress Plugin Email Encoder-Protect Email Addresses Cross-Site Scripting (2.1.1)
WordPress Plugin The Events Calendar Cross-Site Scripting (3.0)
Magento Incorrect Authorization Vulnerability (CVE-2020-9692)