Description
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
Remediation
References
Related Vulnerabilities
WordPress Plugin Import and export users and customers Security Bypass (1.15)
Apache Traffic Server Unchecked Return Value Vulnerability (CVE-2024-50306)
Werkzeug WSGI CVE-2023-23934 Vulnerability (CVE-2023-23934)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-0664)
WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Local File Inclusion (1.1.13)