Description
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Remediation
References
Related Vulnerabilities
WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)
WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.6)
Oracle Application Server CVE-2006-3711 Vulnerability (CVE-2006-3711)
CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458)
ProjectSend Improper Privilege Management Vulnerability (CVE-2020-28874)