ThreatPress

WordPress Vulnerabilities Database

WordPress <=3.6 - URL Redirect Restriction Bypass

Product
WordPress
Description
WordPress version 3.6 is affected by a URL redirect restriction bypass vulnerability. It allows an attacker to craft a URL that, when clicked, takes the victim to a site of the attacker's choice via the Location: header in a 302 redirect.
Solution
Upgrade to version 3.6.1.
Classification
Type BYPASS
References
CVE
Name CVE-N/A
Versions
Affected In <=3.6, 3.1
Fixed In 3.6.1
Disclosure date
2013-10-14
Credits
Kenneth F. Bel.
Submitter
ThreatPress