Description
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
Remediation
References
Related Vulnerabilities
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.35)
PostgreSQL Improper Certificate Validation Vulnerability (CVE-2021-43767)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.12)
WordPress Plugin Nextend Facebook Connect Unspecified Vulnerability (1.5.7)
WordPress Plugin Websimon Tables Cross-Site Scripting (1.3.4)