Description
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
Remediation
References
Related Vulnerabilities
YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)
WordPress Plugin Request a Quote Cross-Site Scripting (2.0.0)
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-33816)
Atlassian Jira Improper Authentication Vulnerability (CVE-2021-39119)