Description

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.

Remediation

References

CVE-2013-4339

Related Vulnerabilities

Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.8.7)

WordPress Plugin ALO EasyMail Newsletter Multiple Cross-Site Scripting Vulnerabilities (2.4.7)

PHP Other Vulnerability (CVE-2001-1385)

PHP Other Vulnerability (CVE-2007-1583)

Jboss EAP CVE-2016-5018 Vulnerability (CVE-2016-5018)

Severity

High

Classification

CVE-2013-4339 CWE-20

Tags

Missing Update Known Vulnerabilities