PT-2020-3637 · WordPress · Wordpress

Jazzy2Fives +1 · Published 2020-06-12 · Updated 2024-03-06 · CVE-2020-4048

CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2; WordPress versions 5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34

Description: The issue is an unintended (open) redirect caused by a flaw in `wp_validate_redirect()` and its URL sanitization, which allows a crafted link to redirect to an arbitrary external site. This could allow a remote attacker to access and compromise confidential data.

Recommendations: For WordPress versions prior to 5.4.2, update to version 5.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to external links until the update is applied.
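The description above names the root cause as URL sanitization in a redirect validator. The following is an added illustration of the weakness class, not WordPress code and not the actual `wp_validate_redirect()` logic: a constructed weak check (substring matching on the host, trusting anything without `://`) is placed beside a validator that parses the URL, rejects non-HTTP schemes, scheme-relative and userinfo-bearing forms, and compares the parsed hostname exactly against an allowlist. The allowlist hosts and the fallback path are assumptions chosen for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example; a real site would derive this
# from its configured home/site URL.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
FALLBACK = "/"  # where to send the user when the target is not trusted


def naive_is_safe_redirect(url: str) -> bool:
    """Constructed example of a weak redirect check (not WordPress code).

    It treats any URL without '://' as local and otherwise only asks whether
    the site host appears somewhere in the string. Both shortcuts are wrong:
    '//evil.example/' has no '://' yet is an absolute, external URL, and
    'https://example.com.evil.example/' contains 'example.com' as a substring.
    """
    if "://" not in url:
        return True
    return "example.com" in url


def validate_redirect(url: str, fallback: str = FALLBACK) -> str:
    """Return `url` only if it targets the site itself; otherwise `fallback`.

    The check works on the parsed URL rather than on the raw string, so the
    decision is made on the same host component a browser will connect to.
    """
    if not url:
        return fallback

    # Backslashes and control characters are normalised differently by
    # browsers and parsers; refuse them instead of guessing.
    if "\\" in url or any(ord(c) < 0x20 for c in url):
        return fallback

    parts = urlsplit(url)

    # Only plain web schemes may be redirect targets (no javascript:, data:, ...).
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return fallback

    if parts.netloc == "":
        # No authority component: accept only a site-relative path that
        # starts with a single slash. A leading '//' would have produced a
        # netloc, so it never reaches this branch.
        if url.startswith("/") and not url.startswith("//"):
            return url
        return fallback

    # .hostname is lower-cased and has userinfo ('user@') and port removed,
    # so 'https://example.com@evil.example/' resolves to 'evil.example'.
    host = parts.hostname
    if host is None or host not in ALLOWED_HOSTS:
        return fallback

    return url


if __name__ == "__main__":
    # Constructed sample inputs showing where the two checks disagree.
    for candidate in (
        "/wp-admin/",
        "//evil.example/",
        "https://example.com.evil.example/",
        "https://example.com@evil.example/",
        "javascript:alert(1)",
        "https://www.example.com/p?x=1",
    ):
        print(f"{candidate!r:45} naive={naive_is_safe_redirect(candidate)!s:5} "
              f"strict -> {validate_redirect(candidate)}")
```

The strict validator is deliberately conservative: relative targets without a leading slash and hosts that merely resemble the allowed ones fall back to the site root rather than being guessed at, which is the behaviour a fix for this weakness class should have.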

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

BDU:2020-03985
BIT-WORDPRESS-2020-4048
BIT-WORDPRESS-MULTISITE-2020-4048
CVE-2020-4048
DLA-2269-1
DLA-2371-1
DSA-4709-1
GHSA-Q6PW-GVF4-5FJ5

Affected Products

Wordpress