Description
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin W4 Post List Multiple Vulnerabilities (2.4.5)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1155)
WordPress Plugin MarketPress-WordPress eCommerce PHP Object Injection (3.2.6)
ownCloud Session Fixation Vulnerability (CVE-2021-35948)
WordPress 4.1.x Denial of Service Vulnerability (4.1 - 4.1.22)