Description

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.

Remediation

References

CVE-2019-16220

Related Vulnerabilities

Perl Out-of-bounds Write Vulnerability (CVE-2022-48522)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5739)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.9.0)

PHP Other Vulnerability (CVE-2005-3353)

WordPress Plugin AdRotate-Ad manager & AdSense Ads SQL Injection (5.2)

Severity

Medium

Classification

CVE-2019-16220 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities