Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)

Description

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.

Remediation

References

Related Vulnerabilities

WordPress Plugin Homepage SlideShow Arbitrary File Upload (2.3)

WordPress Plugin iQ Block Country Cross-Site Scripting (1.1.19)

MySQL CVE-2021-2048 Vulnerability (CVE-2021-2048)

WordPress Plugin User Profile Picture Information Disclosure (2.4.0)

WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.61)

Severity

Medium

Classification

CVE-2018-10101 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities