Description
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
Remediation
References
Related Vulnerabilities
Atlassian Jira CVE-2021-39116 Vulnerability (CVE-2021-39116)
WordPress Plugin Prismatic Multiple Cross-Site Scripting Vulnerabilities (2.7)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1154)
WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.5.0)
WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6)