Description
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.
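The parser mismatch described above, as an added JavaScript example (not WordPress code and not taken from this advisory): a hypothetical validator that recognises a host only after `scheme://` accepts `https:example.com`, while the WHATWG URL parser used by browsers and Node resolves it to an external host. `SITE`, `ALLOWED_HOSTS` and the three function names are assumptions made for illustration.

```javascript
// Added example. SITE, ALLOWED_HOSTS and all function names are hypothetical.
const SITE = 'http://blog.example/';            // constructed site URL
const ALLOWED_HOSTS = new Set(['blog.example']);

// Weak check: a host is recognised only after "scheme://". Anything else is
// assumed to be a local path, so "https:example.com" is returned unchanged.
function naiveValidate(location, fallback = SITE) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(location);
  if (!m) return location;                      // "no host" => treated as local
  return ALLOWED_HOSTS.has(m[1].toLowerCase()) ? location : fallback;
}

// Where a WHATWG-conformant client (browsers, Node's URL class) ends up.
function browserTarget(location, base = SITE) {
  return new URL(location, base).href;
}

// Hardened check: refuse ambiguous forms, then decide on the host that the
// client-side parser resolves instead of a server-side guess.
function strictValidate(location, fallback = SITE) {
  const loc = location.trim();
  // Control characters and backslashes are normalised differently by parsers.
  if (/[\u0000-\u001f\u007f\\]/.test(loc)) return fallback;
  // A scheme must be followed by "//"; "https:example.com" is rejected here.
  if (/^[a-z][a-z0-9+.-]*:(?!\/\/)/i.test(loc)) return fallback;
  let url;
  try { url = new URL(loc, SITE); } catch { return fallback; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return fallback;
  return ALLOWED_HOSTS.has(url.hostname) ? url.href : fallback;
}

// Constructed sample inputs: naive verdict, resolved target, strict verdict.
for (const loc of ['/wp-admin/', 'https://example.com/', 'https:example.com',
                   '//example.com/x']) {
  console.log(JSON.stringify(loc), '| naive:', naiveValidate(loc),
              '| resolves to:', browserTarget(loc),
              '| strict:', strictValidate(loc));
}
```

The explicit rejection of a scheme without `//` matters because the same string resolves as a relative path when the base URL shares its scheme, so the outcome would otherwise depend on whether the site is reached over http or https.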
Remediation
References
Related Vulnerabilities
Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2901)
WordPress Plugin WordPress Photo Gallery by Gallery Bank Unspecified Vulnerability (3.1.26)
WordPress Plugin Flip Book 'php.php' Arbitrary File Upload (1.0)
Envoy Proxy Improper Authentication Vulnerability (CVE-2021-21378)
WordPress Plugin Google Analytics Dashboard Cross-Site Scripting (2.1.1)