Description
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.
Remediation
References
Related Vulnerabilities
Sqlite CVE-2021-36690 Vulnerability (CVE-2021-36690)
WordPress Plugin AccessAlly PHP Code Execution (3.3.1)
WordPress Plugin Brizy-Page Builder Security Bypass (1.0.125)
PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0227)
Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)