WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation

Affects WordPresses

3.8.1

Fixed in version 3.8.21✓

3.8

Fixed in version 3.8.21✓

3.7.1

Fixed in version 3.7.21✓

3.6

Fixed in version 4.7.5✓

3.5.2

Fixed in version 4.7.5✓

3.5.1

Fixed in version 4.7.5✓

3.5

Fixed in version 4.7.5✓

3.4.2

Fixed in version 4.7.5✓

3.4.1

Fixed in version 4.7.5✓

3.4

Fixed in version 4.7.5✓

References

CVE

CVE-2017-9066

URL

https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11

URL

https://wordpress.org/news/2017/05/wordpress-4-7-5/

Classification

Type

REDIRECT

OWASP top 10

A1: Injection

CWE

CWE-601

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

e9e59e08-0586-4332-a394-efb648c7cd84

Timeline

Publicly Published

2017-05-16 (about 4 years ago)

Added

2017-05-17 (about 4 years ago)

Last Updated

2020-09-22 (about 10 months ago)

Our Other Services

WPScan WordPress Security Plugin