WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)

Description

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

Remediation

References

Related Vulnerabilities

WordPress Plugin GA Top post for WP by Asentechllc Security Bypass (1.0)

PostgreSQL Missing Authorization Vulnerability (CVE-2024-4317)

Atlassian Jira CVE-2019-20403 Vulnerability (CVE-2019-20403)

Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-42097)

Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)

Severity

Medium

Classification

CVE-2018-10101 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities