Description
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Share Icons & Social Share Buttons Unspecified Vulnerability (1.4)
Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)
Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)
Varnish Cache Reachable Assertion Vulnerability (CVE-2019-15892)