7.4
CVE-2016-2221
- EPSS 3.47%
- Published 22.05.2016 01:59:14
- Last modified 12.04.2025 10:46:40
- Source security@debian.org
WordPress Core < 4.4.2 - Open Redirect via wp_validate_redirect
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.
Possible mitigation
WordPress: Update to one of the following versions, or a newer patched version: 3.7.13, 3.8.13, 3.9.11, 4.0.10, 4.1.10, 4.2.7, 4.3.3, 4.4.2
Further vulnerability information
System: WordPress Core
Product: WordPress
- Version [*, 3.7)
- Version 3.7 - 3.7.12
- Version 3.8 - 3.8.12
- Version 3.9 - 3.9.10
- Version 4.0 - 4.0.9
- Version 4.1 - 4.1.9
- Version 4.2 - 4.2.6
- Version 4.3 - 4.3.2
- Version 4.4 - 4.4.1
Data provided by the National Vulnerability Database (NVD)
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.47% | 0.871 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.8 | 4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N |
| nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |