PT-2018-9681 · WordPress · Wordpress

Xknown

·

Published

2018-04-14

·

Updated

2018-05-18

·

CVE-2018-10100

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.9.5
Description: The issue concerns the login page's redirection URL, which was not properly validated or sanitized when forced to use HTTPS.
Recommendations: For versions prior to 4.9.5, update to version 4.9.5 or later to resolve the issue.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2018-10100
DLA-1366-1
DSA-4193-1

Affected Products

Wordpress