Description
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium Open Redirect (13.04)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.26)
WordPress Plugin Easy WP SMTP Security Bypass (1.4.2)
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1635)