CVE-2020-4048 — Open Redirect in Wordpress

CWE-601 — Open Redirect6 documents4 sources

Severity

5.7MEDIUMNVD

EPSS

3.5%

top 12.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress Wordpress Wordpress-develop +2 more

Timeline

PublishedJun 12

Latest updateJun 18

Description

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/wordpress< wordpress 5.4.2+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress3.7 — 3.7.34+17

▶Debianwordpress/wordpress< 5.4.2+dfsg1-1+3

▶CVEListV5wordpress/wordpress-develop18 versions+17

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 32, 33

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2020-4048: In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading t↗2020-06-12

▶

📋Vendor Advisories

Debian

CVE-2020-4048: wordpress - In affected versions of WordPress, due to an issue in wp_validate_redirect() and...↗2020

▶

💬Community

Bugzilla

CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function [epel-all]↗2020-06-18

▶

Bugzilla

CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function [fedora-all]↗2020-06-18

▶

Bugzilla

CVE-2020-4048 wordpress: open redirect in wp_validate_redirect function↗2020-06-18

▶