Description
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Remediation
References
Related Vulnerabilities
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12605)
Python Integer Overflow or Wraparound Vulnerability (CVE-2010-1449)
Oracle Database Server CVE-2014-4292 Vulnerability (CVE-2014-4292)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (6.1.6)
WordPress Plugin Live Scores for SportsPress Multiple Vulnerabilities (1.9.0)