Description
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
Remediation
References
Related Vulnerabilities
SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-49704)
WebLogic CVE-2022-21261 Vulnerability (CVE-2022-21261)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35614)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5252)