WordPress 2.9.2-4.8.1 - Open Redirect

Description

An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).

Affects WordPresses

3.8.1

Fixed in version 3.8.22✓

3.8

Fixed in version 3.8.22✓

3.7.1

Fixed in version 3.7.22✓

3.6

Fixed in version 4.8.2✓

3.5.2

Fixed in version 4.8.2✓

3.5.1

Fixed in version 4.8.2✓

3.5

Fixed in version 4.8.2✓

3.4.2

Fixed in version 4.8.2✓

3.4.1

Fixed in version 4.8.2✓

3.4

Fixed in version 4.8.2✓

References

CVE

CVE-2017-14725

URL

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

URL

https://core.trac.wordpress.org/changeset/41398

Classification

Type

REDIRECT

OWASP top 10

A1: Injection

CWE

CWE-601

Miscellaneous

Submitter

alykode

Verified

WPVDB ID

571beae9-d92d-4f9b-aa9f-7c94e33683a1

Timeline

Publicly Published

2017-09-20 (about 3 years ago)

Added

2017-09-25 (about 3 years ago)

Last Updated

2020-09-22 (about 10 months ago)

Our Other Services

WPScan WordPress Security Plugin