Description
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
Remediation
References