ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 4.4.1 - Open Redirect

Product
WordPress
Description
This vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL which triggers incorrect hostname parsing.
Solution
Update WordPress.
Classification
Type Open Redirection
References
CVE Mitre
CVE
Name CVE-2016-2221
Versions
Affected In <= 4.4.1
Fixed In 4.4.2
Disclosure date
2016-02-04