Description Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. Remediation References CVE-2018-10100 Related Vulnerabilities Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2) Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-32615) Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10945) Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5493) WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Multiple Vulnerabilities (2.0.15) Severity Medium Classification CVE-2018-10100 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities