CVE-2013-4339
WordPress < 3.6.1 - Open Redirect via URL Validation Bypass
Title source: llmDescription
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
References (10)
Core 10
Core References
Exploit, Patch x_refsource_confirm
http://core.trac.wordpress.org/changeset/25324
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116832.html
Exploit, Patch x_refsource_confirm
http://core.trac.wordpress.org/changeset/25323
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116828.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/101181
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2757
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/174
Vendor Advisory x_refsource_confirm
http://codex.wordpress.org/Version_3.6.1
Patch, Vendor Advisory x_refsource_confirm
http://wordpress.org/news/2013/09/wordpress-3-6-1/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117118.html
Scores
EPSS
0.0088
EPSS Percentile
75.6%
Details
CWE
CWE-20
Status
published
Products (1)
wordpress/wordpress
< 3.6
Published
Sep 12, 2013
Tracked Since
Feb 18, 2026