CVE-2013-4339 — Improper Input Validation in Wordpress

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedSep 12

Latest updateMay 17

Description

WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.6.1+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.6.1+dfsg-1+3

▶NVDwordpress/wordpress3.6

Patches

Patch: core.trac.wordpress.org ↗Patch: core.trac.wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-3j2h-mfvw-w96c: WordPress before 3↗2022-05-17

▶

OSV

CVE-2013-4339: WordPress before 3↗2013-09-12

▶

📋Vendor Advisories

Debian

CVE-2013-4339: wordpress - WordPress before 3.6.1 does not properly validate URLs before use in an HTTP red...↗2013

▶

💬Community

Bugzilla

CVE-2013-4338 CVE-2013-4339 CVE-2013-4340 CVE-2013-5738 CVE-2013-5739 wordpress: new security issues fixed in 3.6.1↗2013-09-12

▶