Ultimate Member <= 2.3.1 - Open Redirect
Summary
Several URL components in the user profile (Facebook, Twitter, LinkedIn, Instagram, YouTube, SoundCloud, VKontakte) are affected by an open redirect vulnerability.
Vulnerability proof
The '@' character can be used to bypass the host detection of some URL components, because everything before '@' in the authority part of a URL is treated as userinfo and the real host is what follows it.
1. Enter a malicious URL into one of the components.
For example:
The Facebook component checks whether the URL redirects to https://facebook.com or not. An attacker constructs the malicious URL https://facebook.com@baidu.com and saves it.
2. Reload the user profile and click the "Facebook" component.
3. When people click the "Facebook" URL, the website redirects to https://baidu.com.
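
The following is an added example, not the plugin's code. The report does not show the plugin's actual check, so naivePrefixCheck is an assumed stand-in for a check that only looks at how the URL begins. isAllowedProfileUrl, FACEBOOK_HOSTS and all sample URLs except the reported one are hypothetical. It uses the WHATWG URL parser, which is what a browser applies when the link is clicked, to show which host the reported URL really points to and how a host-based check rejects it.

```javascript
// Assumed weak check: accept anything that starts with the expected site.
function naivePrefixCheck(input, expectedPrefix) {
  return input.startsWith(expectedPrefix);
}

// Host the browser would actually navigate to, or null if unparsable.
function parsedHost(input) {
  try {
    return new URL(input).hostname;
  } catch {
    return null;
  }
}

// Hardened check: parse first, then compare the parsed host.
function isAllowedProfileUrl(input, allowedHosts) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return false; // not an absolute URL
  }
  if (url.protocol !== 'https:') return false;
  // A profile link never needs userinfo; it is what hides the real host.
  if (url.username !== '' || url.password !== '') return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  // Exact match, or a true subdomain such as www.facebook.com.
  return allowedHosts.some((h) => host === h || host.endsWith('.' + h));
}

const FACEBOOK_HOSTS = ['facebook.com']; // hypothetical allowlist
const samples = [
  'https://facebook.com/some.user',     // constructed, legitimate
  'https://www.facebook.com/some.user', // constructed, legitimate
  'https://facebook.com@baidu.com',     // URL from the report
  'http://facebook.com/some.user',      // constructed, wrong scheme
  'not a url',                          // constructed, unparsable
];

function audit(urls) {
  return urls.map((u) => ({
    url: u,
    host: parsedHost(u),
    naive: naivePrefixCheck(u, 'https://facebook.com'),
    hardened: isAllowedProfileUrl(u, FACEBOOK_HOSTS),
  }));
}

for (const row of audit(samples)) console.log(row);
```

For the reported URL the naive check passes while the parsed host is baidu.com. The hardened check rejects it and still accepts both legitimate profile links.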


