Description

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.

Remediation

References

CVE-2019-16220

Related Vulnerabilities

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Unspecified Vulnerability (2.5.3)

WordPress Plugin Jssor Slider Arbitrary File Upload (1.3)

WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Security Bypass (7.6.0)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068)

WordPress 4.4.x Prototype Pollution (4.4 - 4.4.26)

Severity

Medium

Classification

CVE-2019-16220 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities