
CVE-2016-2221

Published: 22/05/2016 Updated: 04/11/2017
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 4 | Exploitability Score: 2.8
VMScore: 517
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress prior to 4.4.2 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.

Vulnerable Product

wordpress wordpress

Vendor Advisories

Debian Bug report logs - #813697 wordpress: New version available: 4.4.2 (CVE-2016-2221 CVE-2016-2222). Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon). Reported by: Christer Mjellem Strand <dilldall@bjork.org>. Date: Thu, 4 Fe ...
Two vulnerabilities were discovered in wordpress, a web blogging tool. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2221: Shailesh Suthar discovered an open redirection vulnerability. CVE-2016-2222: Ronni Skansing discovered a server-side request forgery (SSRF) vulnerability. For the oldst ...

Github Repositories

Codepath Assignment 9

Project 8 - Pentesting Live Targets. Project Stack and Significance: Software Security Course Assignment. Time spent: 4 hours spent in total. Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red. The six possible exploits are: Username Enumeration, Insecure Direct Object Reference (IDOR), SQL Injection (SQLi), Cross-Site Scri
