Описание
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
Ссылки
- Vendor Advisory
- ExploitPatch
- ExploitPatch
- PatchVendor Advisory
- Vendor Advisory
- ExploitPatch
- ExploitPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.6 (включая)
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00696
Низкий
7.5 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
ubuntu
почти 12 лет назад
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
debian
почти 12 лет назад
WordPress before 3.6.1 does not properly validate URLs before use in a ...
github
около 3 лет назад
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
EPSS
Процентиль: 71%
0.00696
Низкий
7.5 High
CVSS2
Дефекты
CWE-20