CVE-2016-2221 — Wordpress vulnerability

7 documents5 sources

Severity

7.4HIGHNVD

EPSS

3.5%

top 12.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedMay 22

Latest updateMay 17

Description

Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.4.2+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.4.2+dfsg-1+3

▶NVDwordpress/wordpress4.4.1

Patches

Patch: codex.wordpress.org ↗Patch: core.trac.wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-fwqj-qf3c-gm6c: Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable↗2022-05-17

▶

OSV

CVE-2016-2221: Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable↗2016-05-22

▶

📋Vendor Advisories

Debian

CVE-2016-2221: wordpress - Open redirect vulnerability in the wp_validate_redirect function in wp-includes/...↗2016

▶

💬Community

Bugzilla

CVE-2016-2221 CVE-2016-2222 wordpress: SSRF and open redirect issues fixed in 4.4.2 [epel-all]↗2016-02-08

▶

Bugzilla

CVE-2016-2221 CVE-2016-2222 wordpress: SSRF and open redirect issues fixed in 4.4.2↗2016-02-08

▶

Bugzilla

CVE-2016-2221 CVE-2016-2222 wordpress: SSRF and open redirect issues fixed in 4.4.2 [fedora-all]↗2016-02-08

▶