WordPress < 5.4.2 - Open Redirection

Description

Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().

Affects WordPresses

5.4.1

Fixed in version 5.4.2✓

5.4

Fixed in version 5.4.2✓

5.3.3

Fixed in version 5.3.4✓

5.3.2

Fixed in version 5.3.4✓

5.3.1

Fixed in version 5.3.4✓

5.3

Fixed in version 5.3.4✓

5.2.6

Fixed in version 5.2.7✓

5.2.5

Fixed in version 5.2.7✓

5.2.4

Fixed in version 5.2.7✓

5.2.3

Fixed in version 5.2.7✓

References

CVE

CVE-2020-4048

URL

https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

URL

https://github.com/WordPress/WordPress/commit/10e2a50c523cf0b9785555a688d7d36a40fbeccf

URL

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Ben Bidner

Verified

WPVDB ID

12855f02-432e-4484-af09-7d0fbf596909

Timeline

Publicly Published

2020-06-11 (about 1 years ago)

Added

2020-06-11 (about 1 years ago)

Last Updated

2020-06-13 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin