CVE-2019-16220

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 5.2.3

Description The issue is related to the validation and sanitization of a URL in the wp validate redirect function in wp-includes/pluggable.php. This could lead to an open redirect if a provided URL path does not start with a forward slash. The vulnerability may allow a remote attacker to access and compromise confidential data.

Recommendations For WordPress versions prior to 5.2.3, update to version 5.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp validate redirect function in wp-includes/pluggable.php until a patch is applied.