Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress prior to 4.4.2 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |