Description
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3093)
WordPress Plugin PDF & Print Button Joliprint Multiple Cross-Site Scripting Vulnerabilities (1.3.0)
Oracle Database Server CVE-2011-0793 Vulnerability (CVE-2011-0793)
WordPress Plugin Slider Hero with Animation, Video Background Cross-Site Request Forgery (8.2.0)