Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10100)

Description

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.

Remediation

References

Related Vulnerabilities

WordPress Plugin WordPress Backup and Migrate-Backup Guard Unspecified Vulnerability (1.0.6)

Oracle HTTP Server CVE-2020-2952 Vulnerability (CVE-2020-2952)

XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2022-41928)

WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Scripting (6.9.1)

WordPress Plugin Kraken.io Image Optimizer Cross-Site Request Forgery (2.6.5)

Severity

Medium

Classification

CVE-2018-10100 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities