Description
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contest Gallery-Photo Contest for WordPress Security Bypass (13.1.0.6)
Atlassian Jira Improper Authentication Vulnerability (CVE-2021-39119)
WordPress Plugin The Events Calendar Open Redirect (4.1.1)
WordPress Plugin Export any WordPress data to XML/CSV SQL Injection (1.3.4)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6311)