Description
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPMK Ajax Finder Cross-Site Request Forgery (1.0.1)
WebLogic CVE-2020-13956 Vulnerability (CVE-2020-13956)
Moodle Credentials Management Errors Vulnerability (CVE-2014-7845)
MySQL CVE-2012-0490 Vulnerability (CVE-2012-0490)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-0362)