WordPress Ultimate Member <2.1.7 - Open Redirect

By kannthu

Medium
#wp-plugin #redirect #wordpress #wpscan
Description

What is the "WordPress Ultimate Member <2.1.7 - Open Redirect" module?

The "WordPress Ultimate Member <2.1.7 - Open Redirect" module is a test case designed to detect an open redirect vulnerability in the WordPress Ultimate Member plugin before version 2.1.7. This vulnerability affects the registration and login pages of the plugin and can be exploited through the "redirect_to" GET parameter. The severity of this vulnerability is classified as medium, with a CVSS score of 6.1.

This module was authored by 0x_Akoko.

Impact

An open redirect vulnerability allows an attacker to redirect users to malicious websites or phishing pages. By exploiting this vulnerability, an attacker can trick users into visiting a URL that appears legitimate but actually leads to a malicious destination. This can result in various attacks, such as stealing sensitive information, spreading malware, or conducting phishing campaigns.

How does the module work?

The module sends a GET request to the "/register/?redirect_to=https://interact.sh/" path, simulating a user registration process. It then checks the response headers for a specific pattern using a regular expression matcher. The matcher looks for a "Location" header that redirects to a URL containing "interact.sh". If the pattern matches, the module reports a vulnerability.

By analyzing the response headers, the module identifies whether the installed WordPress Ultimate Member plugin version is vulnerable to the open redirect issue. If the vulnerability is detected, further actions can be taken to mitigate the risk and secure the website.
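
One way to express the header check described above, as an added example that is not the module's own code: it parses the Location value instead of substring-matching it, so a same-site redirect that only echoes the marker in its query string is not reported. The function names, the 3xx status check and the example.test host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Marker host taken from the request path the page describes.
MARKER_HOST = "interact.sh"


def location_header(raw_headers):
    """Return the first Location header value in a raw header block, or None."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def redirect_host(location, site_host):
    """Host a browser would land on; relative paths stay on site_host."""
    try:
        # Browsers treat "\" like "/", so normalise before parsing.
        parts = urlsplit(location.replace("\\", "/"))
    except ValueError:
        return site_host.lower()
    return (parts.hostname or site_host).lower()


def is_open_redirect(status, raw_headers, site_host, marker=MARKER_HOST):
    """True when a 3xx response sends the client to the marker host."""
    if not 300 <= status < 400:  # assumption: only real redirects count
        return False
    location = location_header(raw_headers)
    if location is None:
        return False
    host = redirect_host(location, site_host)
    return host == marker or host.endswith("." + marker)


if __name__ == "__main__":
    # Constructed responses for a hypothetical site, example.test.
    samples = [
        (302, "Location: https://interact.sh/\r\n"),
        (302, "Location: //interact.sh/\r\n"),
        (302, "Location: /login/?redirect_to=https%3A%2F%2Finteract.sh%2F\r\n"),
        (200, "Content-Type: text/html\r\n"),
    ]
    for status, headers in samples:
        print(status, headers.strip(), is_open_redirect(status, headers, "example.test"))
```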

Module preview

Concurrent Requests (1)
1. HTTP Request template: GET /register/?redirect_...
Matching conditions: regex: (?m)^(?:Location\s*?:\s*?)(?:https?://|/...
Passive global matcher: No matching conditions.
On match action: Report vulnerability