Description
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
Remediation
References
Related Vulnerabilities
WordPress Plugin JS Support Ticket Unspecified Vulnerability (1.1.1)
WordPress 4.3.x Possible SQL Injection Vulnerability (4.3 - 4.3.12)
WordPress Plugin LOGIN AND REGISTRATION ATTEMPTS LIMIT Cross-Site Request Forgery (2.1)
WordPress Plugin Relevanssi-A Better Search 'Seach Query' Field HTML Injection (2.7.2)
WordPress Plugin Frontend Uploader Cross-Site Scripting (1.3.2)