Description
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)
Oracle Application Server CVE-2009-0993 Vulnerability (CVE-2009-0993)
WordPress Plugin Rencontre-Dating Site Multiple Vulnerabilities (3.2.1)
Grafana Incorrect Authorization Vulnerability (CVE-2022-31107)
WordPress Plugin WPML (WordPress Multilingual) Cross-Site Scripting (3.6.3)