Main Vulnerability Database Vulnerabilities #VU12400

#VU12400 Open redirect in WordPress - CVE-2018-10100

Published: May 6, 2018 / Updated: May 8, 2018

Vulnerability identifier: #VU12400

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10100

CWE-ID: CWE-601

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WordPress

Software vendor:
WordPress.ORG

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. A remote attacker can gain access to potentially sensitive information.

Remediation

Update to version 4.9.5.

External links

https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/

#VU12400 Open redirect in WordPress - CVE-2018-10100

Description

Remediation

External links

Please verify you're human