5.7

CVE-2020-4048

WordPress Core < 5.4.2 - Open Redirect

In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 3.7.34, 3.8.34, 3.9.32, 4.0.31, 4.1.31, 4.2.28, 4.3.24, 4.4.23, 4.5.22, 4.6.19, 4.7.18, 4.8.14, 4.9.15, 5.0.10, 5.1.6, 5.2.7, 5.3.4, 5.4.2
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version [*, 3.7)
Version 3.7 - 3.7.33
Version 3.8 - 3.8.33
Version 3.9 - 3.9.31
Version 4.0 - 4.0.30
Version 4.1 - 4.1.30
Version 4.2 - 4.2.27
Version 4.3 - 4.3.23
Version 4.4 - 4.4.22
Version 4.5 - 4.5.21
Version 4.6 - 4.6.18
Version 4.7 - 4.7.17
Version 4.8 - 4.8.13
Version 4.9 - 4.9.14
Version 5.0 - 5.0.9
Version 5.1 - 5.1.5
Version 5.2 - 5.2.6
Version 5.3 - 5.3.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version >= 3.7 < 3.7.34
WordpressWordpress Version >= 3.8 < 3.8.34
WordpressWordpress Version >= 3.9 < 3.9.32
WordpressWordpress Version >= 4.0 < 4.0.31
WordpressWordpress Version >= 4.1 < 4.1.31
WordpressWordpress Version >= 4.2 < 4.2.28
WordpressWordpress Version >= 4.3 < 4.3.24
WordpressWordpress Version >= 4.4 < 4.4.23
WordpressWordpress Version >= 4.5 < 4.5.22
WordpressWordpress Version >= 4.6 < 4.6.19
WordpressWordpress Version >= 4.7 < 4.7.18
WordpressWordpress Version >= 4.8 < 4.8.14
WordpressWordpress Version >= 4.9 < 4.9.15
WordpressWordpress Version >= 5.0 < 5.0.10
WordpressWordpress Version >= 5.1 < 5.1.6
WordpressWordpress Version >= 5.2 < 5.2.7
WordpressWordpress Version >= 5.3.0 < 5.3.4
WordpressWordpress Version >= 5.4 < 5.4.2
FedoraprojectFedora Version32
FedoraprojectFedora Version33
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.5% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.7 2.1 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov 4.9 6.8 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N
security-advisories@github.com 5.7 2.1 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://www.debian.org/security/2020/dsa-4709
Third Party Advisory
Mailing List