Open redirect in WordPress - CVE-2018-10100
Published: May 6, 2018 / Updated: May 8, 2018
Vulnerability identifier: #VU12400
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10100
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: WordPress.ORG
Affected software:
WordPress
WordPress
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. A remote attacker can gain access to potentially sensitive information.
How to mitigate CVE-2018-10100
Update to version 4.9.5.